General

Target: 20e34ba4bc010f84a75d72ee6dad0b1a0524b56fa5268deb84a3d88c4ed87880
Size: 255KB
Sample: 220621-ybg9aabbhn
Score: 10/10
MD5: ed3b4e9f3e4ecaa892a385bf73637b7d
SHA1: cbe4f0dfe65091ac454323821a87bf4811a4b985
SHA256: 20e34ba4bc010f84a75d72ee6dad0b1a0524b56fa5268deb84a3d88c4ed87880
SHA512: bfc5f7db658e893bffe4bc08b4916d1478349198b1b80c822ece134689f171c8ce5334893150cbb6cbacd98f5f8ae4489dcf5a86006f0ffc802057e0eacd7fb1

Malware Config

Extracted
Family: metasploit
Version: windows/reverse_http
C2: http://intranet.iml-bank.info:8443/bYdlO5EaAdxEN0U2HZnuJgNIg3DW9OTJnb8evXSt58vYMLdYSI0mna6_pJRRxZXDbngIH_8E88XkC337M3U3EQJNFwHQJtiw8a8bTNqNcc-niwQ-nqOBcnfqorz6aMGUvym9oK5dH3ctbP8zV

Signatures

  • MetaSploit
    Description: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Executes dropped EXE

  • Loads dropped DLL

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: Score 8/10
behavioral1: Score 10/10
behavioral2: Score 10/10