General

  • Target

    13f1cc34741efecd61a40e3fe5f013870290795d4e5cc5c168ab8826a6ffcd15

  • Size

    1.0MB

  • Sample

    220127-2g86qscdf5

  • MD5

    5bfaef76008edad4f98eb2e70db7a1a2

  • SHA1

    5d501d6a281c67acc3f994113d1eb0862b615a86

  • SHA256

    13f1cc34741efecd61a40e3fe5f013870290795d4e5cc5c168ab8826a6ffcd15

  • SHA512

    f195400ae447ae49326c7ff6cbcbaf2704f2e11d409e4ffb85193c977139f6a96f83170430786a6ae333fefe1fa966e3ea5f0c1663a467953b9040f7dc342693

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      13f1cc34741efecd61a40e3fe5f013870290795d4e5cc5c168ab8826a6ffcd15
    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks