Description
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
General
Target
Size
Sample
2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a
667KB
220622-p5w5vsheh5
Score
10/10
MD5
SHA1
SHA256
SHA512
9e9cefa01b2d4818c0ff998515e488f2
822451bed5b6057f9a54df417d61b4ae4585537f
2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a
5d0d0f9e317078cad2fe40890dd189e3e5a4cfedb6301d2e68ee14c3da29df6d4f6c16d047219aa435f6111cf2c859970fe6ff45b4cae77410dab294bb5ca7c1
Malware Config
Extracted
| Family | metasploit |
| Version | encoder/call4_dword_xor |
Targets
Target
MD5
Filesize
2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a
9e9cefa01b2d4818c0ff998515e488f2
667KB
Score
10/10
SHA1
SHA256
SHA512
822451bed5b6057f9a54df417d61b4ae4585537f
2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a
5d0d0f9e317078cad2fe40890dd189e3e5a4cfedb6301d2e68ee14c3da29df6d4f6c16d047219aa435f6111cf2c859970fe6ff45b4cae77410dab294bb5ca7c1
Tags
Signatures
-
MetaSploit
-
Identifies Wine through registry keys
Description
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Tags
TTPs
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10