General

  • Target

    2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a

  • Size

    667KB

  • Sample

    220622-p5w5vsheh5

  • MD5

    9e9cefa01b2d4818c0ff998515e488f2

  • SHA1

    822451bed5b6057f9a54df417d61b4ae4585537f

  • SHA256

    2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a

  • SHA512

    5d0d0f9e317078cad2fe40890dd189e3e5a4cfedb6301d2e68ee14c3da29df6d4f6c16d047219aa435f6111cf2c859970fe6ff45b4cae77410dab294bb5ca7c1

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a

    • Size

      667KB

    • MD5

      9e9cefa01b2d4818c0ff998515e488f2

    • SHA1

      822451bed5b6057f9a54df417d61b4ae4585537f

    • SHA256

      2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a

    • SHA512

      5d0d0f9e317078cad2fe40890dd189e3e5a4cfedb6301d2e68ee14c3da29df6d4f6c16d047219aa435f6111cf2c859970fe6ff45b4cae77410dab294bb5ca7c1

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Tasks