General
Target

mnuj9mvxg.dll

Size

71KB

Sample

220622-m1skrsfeg3

Score
10/10
MD5

7071a9e9744e0ed2682a228e802d0281

SHA1

fba39f452aafbcba9a7917bf78029d7be66ce7c8

SHA256

09bfa448e4bbea8fe36be6962b963cfadf764593e03b314c9ce81f9b2cff1349

SHA512

7c0e3d496157329b0cb2f1794b6c1bdd574d33293cf3fffa4281230eabe9299344d21a3487186af910b4327ec7c59831a0efafc19389c7dfc8e0554b013b8371

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://212.192.241.155:8080/ROlO

Attributes
headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)
Targets
Target

mnuj9mvxg.dll

MD5

7071a9e9744e0ed2682a228e802d0281

Filesize

71KB

Score
8/10
SHA1

fba39f452aafbcba9a7917bf78029d7be66ce7c8

SHA256

09bfa448e4bbea8fe36be6962b963cfadf764593e03b314c9ce81f9b2cff1349

SHA512

7c0e3d496157329b0cb2f1794b6c1bdd574d33293cf3fffa4281230eabe9299344d21a3487186af910b4327ec7c59831a0efafc19389c7dfc8e0554b013b8371

Signatures

  • Blocklisted process makes network request

MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

Score
10/10

behavioral1

Score
8/10

behavioral2

Score
8/10