General

Target: a87fb882e248d4091541cd355ed3227801d014d83051f610edf08ac0c7a964a1
Size: 1MB
Sample: 220625-lzjqsshgg8
Score: 10/10
MD5: d82cf866082b643af2e30bc6e2d2b5d5
SHA1: e4a416739bbde89e3fe7d613e6d421c282f2a22d
SHA256: a87fb882e248d4091541cd355ed3227801d014d83051f610edf08ac0c7a964a1
SHA512: b71ff0d14b59877dca3bf45a164b7d93a23e48520e055a1f7b25a021a257871633a5ec99182f65425b47f78b1e4020bd4d031299e4586ea22ba07e0c83339de4

Malware Config

Extracted

Family: metasploit
Version: windows/reverse_tcp
C2: 193.37.213.221:56300

Signatures

  • MetaSploit

    Description: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Modifies Windows Defender Real-time Protection settings

    TTPs: Modify Registry, Modify Existing Service, Disabling Security Tools

  • Modifies visibility of hidden/system files in Explorer

    TTPs: Hidden Files and Directories, Modify Registry

  • UAC bypass

    TTPs: Bypass User Account Control, Disabling Security Tools, Modify Registry

  • Blocks application from running via registry modification

    Description: Adds application to list of disallowed applications.

  • Executes dropped EXE

  • Stops running service(s)

    TTPs: Modify Existing Service, Service Stop

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder, Modify Registry

  • Checks whether UAC is enabled

    TTPs: System Information Discovery

  • Legitimate hosting services abused for malware hosting/C2

    TTPs: Web Service

  • Modifies WinLogon

    TTPs: Winlogon Helper DLL, Modify Registry

  • AutoIT Executable

    Description: AutoIT scripts compiled to PE executables.

Tasks

static1: Score 5/10