Description
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
File | asdfghz.zip
Size | 255KB
Analysis ID | 211118-3jn41sgbcr
MD5 | 70eee3d4edd1cf1969d95d4d568d86e5
SHA1 | 146b9b30589977d988b64b622e4146298c5869fc
SHA256 | a356640c2a6d7d3f0dbe3a069b8f56e9dafe2da03d3df9606133417d1b5ca258
SHA512 | c6d694f383493e5d605cdb418766edc25285aa826db1b194cf9ab694d4d6b7f5c82d9613223bc45dd1108b08a976564361b05b574f8d621fbf5545ae8125c2d9
Family | socelars
C2 | http://www.gianninidesign.com/

Family | smokeloader
Version | 2020
C2 | http://host-file-host6.com/ http://host-host-file8.com/
rc4.i32 |
rc4.i32 |

Family | metasploit
Version | windows/single_exec

Family | vidar
Version | 48.6
Botnet | 937
C2 | https://mastodon.online/@valhalla https://koyu.space/@valhalla
Attributes | profile_id 937
File | Setup.exe
Size | 554KB
MD5 | d9552a15a61f255df3206b63ee0383be
SHA1 | 7c76e2edcf184b90d40003dac71b08e3a3ed2e8c
SHA256 | 0cdd906491990c6ba9c24bdd60172057587859a8e649ba7f4b51fece9a0fdac6
SHA512 | 0ce1db824d226df28177b6e5394fa1f8483333583d8332680d4cf0cfc8627a53d69c1c857b319dd200e0f38bf88d445a4289d78472fe3167cc39ae6a85f21599
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar. This typically indicates the parent process was compromised via an exploit or macro.
Modular backdoor trojan in use since 2014.
Socelars is an infostealer targeting browser cookies and credit card credentials.
Vidar is an infostealer based on Arkei stealer.
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2
Looks up country code configured in the registry, likely geofence.
Infostealers often target stored browser data, which can include saved credentials etc.
Detects Themida, an advanced Windows software protection system.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Uses a legitimate IP lookup service to find the infected system's external IP.
Uses a legitimate geolocation service to find the infected system's geolocation info.