General

  • Target

    8c0c79a1d225b583724e6d6cb97d2640

  • Size

    3.3MB

  • Sample

    201117-rq4pb3gggs

  • MD5

    0ba017905530191d89e50d9a003c45b4

  • SHA1

    443d69b2e324085ca7c580362f67a8ae8c1fe533

  • SHA256

    bf304454110fe62f35ec0f381f0a1018962014c56c7f6d7f351684fba42549e2

  • SHA512

    7b22932848be193d9ed0d7876241f557bbcfad663b34964f3a35d6a5143685cced8094913190492d37190972eecf81ef12c4d6c95ec91b6e6091cf974437b95a

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://47.91.237.42:8443/blIF
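The extracted config gives a single download_exec stager URL. An added example (not part of this sandbox report) that turns that URL into host, port and path indicators and runs them over proxy log lines; the log lines are constructed for the example, while the C2 URL is the one extracted above:

```python
"""Added example, not part of the sandbox report: derive network indicators
from the extracted Metasploit windows/download_exec C2 URL and scan
proxy log lines for them.  SAMPLE_LOG is constructed for this example."""
import ipaddress
import re
from urllib.parse import urlparse

C2_URL = "http://47.91.237.42:8443/blIF"  # from the report's extracted config

# Constructed squid-style lines: "timestamp client method url status".
SAMPLE_LOG = """\
1605600001.100 10.0.0.5 GET http://example.com/index.html 200
1605600002.250 10.0.0.7 GET http://47.91.237.42:8443/blIF 200
1605600003.000 10.0.0.9 GET http://47.91.237.42:8443/other 404
1605600004.500 10.0.0.7 CONNECT 47.91.237.42:8443 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def indicators(c2_url):
    """Split the C2 URL into host, port and path so each can be matched alone.
    download_exec fetches its second stage from this URL; the host:port pair
    is the more durable indicator, the path is easy to rotate per build."""
    u = urlparse(c2_url)
    port = u.port or (443 if u.scheme == "https" else 80)
    ipaddress.ip_address(u.hostname)  # raises ValueError if not a literal IP
    return {"host": u.hostname, "port": port, "path": u.path, "url": c2_url}


def scan(log_text, c2_url):
    """Return (client, method, url, match_kind) for every line that touches
    the C2.  'exact' = full stager URL seen; 'host_port' = same listener,
    different path or a CONNECT tunnel (catches re-staged or HTTPS use)."""
    ioc = indicators(c2_url)
    hostport = f"{ioc['host']}:{ioc['port']}"
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected layout
        url = m["url"]
        if url == ioc["url"]:
            kind = "exact"
        elif hostport in url:
            kind = "host_port"
        else:
            continue
        hits.append((m["client"], m["method"], url, kind))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, C2_URL):
        print(hit)
```

The port is matched explicitly because 8443 is not a default port; if a config ever points at a default-port URL, add a second pattern without the port or the implicit-port requests will be missed.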

Targets

    • Target

      8c0c79a1d225b583724e6d6cb97d2640

    • Size

      3.3MB

    • MD5

      0ba017905530191d89e50d9a003c45b4

    • SHA1

      443d69b2e324085ca7c580362f67a8ae8c1fe533

    • SHA256

      bf304454110fe62f35ec0f381f0a1018962014c56c7f6d7f351684fba42549e2

    • SHA512

      7b22932848be193d9ed0d7876241f557bbcfad663b34964f3a35d6a5143685cced8094913190492d37190972eecf81ef12c4d6c95ec91b6e6091cf974437b95a

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.
