General
- Target: bc153eda0f9d1bd526dd32439248d67070d030631ff4e0b8a7aaec654c8e44ee
- Size: 832KB
- Sample: 220705-mhma2aabe2
- MD5: 8f978a1a3775eee75434257415c5018d
- SHA1: d632e4dd9212f8b021e52980f8e4d8d8ab2e255a
- SHA256: bc153eda0f9d1bd526dd32439248d67070d030631ff4e0b8a7aaec654c8e44ee
- SHA512: 0bb2a735dbe379f285ecfcc9d3e415e06db805bf529920654ee94a84a15e73f47b76392dfe3eeebba9b2f743e81296f905d528fc5a9f445dc7ef30797ddb259a
Static task: static1
Behavioral task: behavioral1
- Sample: bc153eda0f9d1bd526dd32439248d67070d030631ff4e0b8a7aaec654c8e44ee.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: bc153eda0f9d1bd526dd32439248d67070d030631ff4e0b8a7aaec654c8e44ee.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: metasploit
- Payload: windows/download_exec
- URL: http://124.223.216.170:9443/URjK
Targets
- Target: bc153eda0f9d1bd526dd32439248d67070d030631ff4e0b8a7aaec654c8e44ee
- Size: 832KB
- MD5: 8f978a1a3775eee75434257415c5018d
- SHA1: d632e4dd9212f8b021e52980f8e4d8d8ab2e255a
- SHA256: bc153eda0f9d1bd526dd32439248d67070d030631ff4e0b8a7aaec654c8e44ee
- SHA512: 0bb2a735dbe379f285ecfcc9d3e415e06db805bf529920654ee94a84a15e73f47b76392dfe3eeebba9b2f743e81296f905d528fc5a9f445dc7ef30797ddb259a
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- suricata: ET MALWARE Cobalt Strike Beacon Observed
- suricata: ET MALWARE Generic .bin download from Dotted Quad
- suricata: ET MALWARE Meterpreter or Other Reverse Shell SSL Cert
- suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)
- suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x32)
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
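The extracted windows/download_exec configuration and the hashes above are the indicators a responder can pivot on: the stager URL gives a host, port and URI for network detection, and the digests let you confirm that a file pulled from a host is actually this sample. The Python below is an added example, not code from the Triage report or from the Metasploit project. It takes only the values listed on this page (the config URL and the four hashes); the Suricata rule SID, the proxy-log format and the log lines it scans are constructed for illustration.

```python
"""Pivot this report's indicators into detection content.

Added example, not code from the Triage report or the Metasploit project.
From the report: the extracted config (metasploit windows/download_exec,
http://124.223.216.170:9443/URjK) and the sample hashes.  Constructed for
the example: the rule SID, the proxy-log format and the log lines below.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Values as listed in the report.
EXTRACTED_CONFIG = {
    "family": "metasploit",
    "payload": "windows/download_exec",
    "url": "http://124.223.216.170:9443/URjK",
}
REPORTED_HASHES = {
    "md5": "8f978a1a3775eee75434257415c5018d",
    "sha1": "d632e4dd9212f8b021e52980f8e4d8d8ab2e255a",
    "sha256": "bc153eda0f9d1bd526dd32439248d67070d030631ff4e0b8a7aaec654c8e44ee",
    "sha512": "0bb2a735dbe379f285ecfcc9d3e415e06db805bf529920654ee94a84a15e73f47b76392dfe3eeebba9b2f743e81296f905d528fc5a9f445dc7ef30797ddb259a",
}


def parse_download_exec(url):
    """Split a download_exec URL into the fields a rule or block list keys on."""
    u = urlsplit(url)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ValueError(f"unexpected download_exec URL: {url!r}")
    return {
        "scheme": u.scheme,
        "host": u.hostname,
        "port": u.port or (443 if u.scheme == "https" else 80),
        "uri": u.path or "/",
    }


def suricata_rule(ioc, sid=9000001):
    """Render a Suricata (5.0+ sticky-buffer syntax) rule for the stager fetch.

    The SID is a placeholder; use one from your local range.  Suricata picks
    the HTTP parser by content, not port, so the rule still fires on 9443.
    """
    return (
        f"alert http $HOME_NET any -> $EXTERNAL_NET {ioc['port']} "
        f'(msg:"Metasploit download_exec stager fetch {ioc["host"]}{ioc["uri"]}"; '
        "flow:established,to_server; "
        f'http.host; content:"{ioc["host"]}"; '
        f'http.uri; content:"{ioc["uri"]}"; startswith; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed proxy log: "<timestamp> <client-ip> <method> <url> <status>".
CONSTRUCTED_PROXY_LOG = [
    "2022-07-05T13:02:11Z 10.0.0.23 GET http://124.223.216.170:9443/URjK 200",
    "2022-07-05T13:02:12Z 10.0.0.23 GET http://example.org/index.html 200",
    "2022-07-05T13:05:40Z 10.0.0.41 GET http://124.223.216.170:9443/AbCd 404",
    "2022-07-05T13:06:00Z 10.0.0.9 GET http://124.223.216.170/URjK 200",
]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def match_proxy_log(lines, ioc):
    """Return every request to the C2 host, flagging how closely it matches.

    The host is the pivot: the stager path is per-handler and the port can
    change between campaigns, so a host hit on another port or URI is kept
    and flagged rather than silently dropped.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real tool would count these
        u = urlsplit(m["url"])
        if u.hostname != ioc["host"]:
            continue
        port = u.port or (443 if u.scheme == "https" else 80)
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "port_match": port == ioc["port"],
            "uri_match": u.path == ioc["uri"],
            "status": int(m["status"]),
        })
    return hits


def file_hashes(data):
    """Compute the four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def is_reported_sample(data):
    """True only if every digest agrees with the report; a re-packed or
    truncated copy fails even if one hash looks familiar."""
    return file_hashes(data) == REPORTED_HASHES


if __name__ == "__main__":
    ioc = parse_download_exec(EXTRACTED_CONFIG["url"])
    print(suricata_rule(ioc))
    for hit in match_proxy_log(CONSTRUCTED_PROXY_LOG, ioc):
        print(hit)
```

Running the block prints the rule and three log hits: the exact stager fetch from 10.0.0.23, a request to the same host and port with a different path, and a request to the same host on port 80. Only the first is a confirmed stager download; the other two are kept because the IP is the durable indicator, while the four-character URI and the port are handler-specific and cheap for an operator to change.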