General
Target: f3d980b4d9443683b9e0aba0985deb670b8a6254f1e08def6f14f500527ef7dd
Size: 1.5MB
Sample: 220705-mmag2agcbl
MD5: 02300e90dfe69aabe04b5de7da35eea8
SHA1: ba7ba184d95482c53204116adf14e3eb1e4d79e2
SHA256: f3d980b4d9443683b9e0aba0985deb670b8a6254f1e08def6f14f500527ef7dd
SHA512: 12dc367898af4863c9423fb6982a7b58a76ae78ff84eaf401fead4292f96688e49a070367c0a196e495a8b30629fe796a406cab1651051dbb67fd8d34480d07c
Static task: static1
Behavioral task: behavioral1
Sample: f3d980b4d9443683b9e0aba0985deb670b8a6254f1e08def6f14f500527ef7dd.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: f3d980b4d9443683b9e0aba0985deb670b8a6254f1e08def6f14f500527ef7dd.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: metasploit
Payload: windows/download_exec
URL: http://124.223.216.170:9443/URjK
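The extracted config is a download_exec stager: the only operational artefact it carries is the URL it fetches the next stage from. The script below is an added example (not Triage's or Metasploit's code) of turning that into something a SOC can act on: it scans a buffer for http(s) URLs, flags hosts that are bare dotted-quad addresses (the property the "Generic .bin download from Dotted Quad" rule keys on), and emits a Suricata rule for each. The buffer it scans is constructed here, with the stager URL from this report and a second hostname URL as a negative case; it does not assume anything about how the real payload lays the URL out in memory.

```python
import re
from dataclasses import dataclass

# Constructed sample buffer (not bytes from the real sample): a stub header,
# padding, the stager URL from the extracted config, and a second URL with a
# hostname so the dotted-quad check has a negative case.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"http://124.223.216.170:9443/URjK\x00"
    + b"\x90" * 8
    + b"https://example.com/update.bin \x00"
)

# URL shape: scheme, host, optional :port, optional path of printable non-space bytes.
URL_RE = re.compile(rb"https?://([A-Za-z0-9.\-]+)(?::(\d{1,5}))?(/[\x21-\x7e]*)?")
DOTTED_QUAD_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


@dataclass(frozen=True)
class Ioc:
    url: str
    host: str
    port: int
    path: str
    dotted_quad: bool


def is_dotted_quad(host: str) -> bool:
    """True when host is a literal IPv4 address with every octet in range."""
    m = DOTTED_QUAD_RE.match(host)
    return bool(m) and all(int(octet) <= 255 for octet in m.groups())


def extract_urls(blob: bytes) -> list[Ioc]:
    """Scan a binary blob for http(s) URLs and normalise each into an Ioc."""
    found = []
    for m in URL_RE.finditer(blob):
        whole = m.group(0)
        scheme = whole[: whole.index(b"://")].decode("ascii")
        host = m.group(1).decode("ascii")
        # Default port follows the scheme when the URL carries none.
        port = int(m.group(2)) if m.group(2) else (443 if scheme == "https" else 80)
        if port > 65535:
            continue  # not a real URL, skip it
        path = m.group(3).decode("ascii") if m.group(3) else "/"
        found.append(Ioc(whole.decode("ascii"), host, port, path, is_dotted_quad(host)))
    return found


def suricata_rule(ioc: Ioc, sid: int) -> str:
    """Emit a Suricata 5+ HTTP rule pinning the stager's host and URI.

    http.host is the normalised Host header without the port, so the port is
    deliberately not part of the match; pin it with dst port if you need to.
    """
    return (
        "alert http any any -> any any ("
        f'msg:"Metasploit download_exec stager fetch {ioc.host}{ioc.path}"; '
        "flow:established,to_server; "
        f'http.host; content:"{ioc.host}"; '
        f'http.uri; content:"{ioc.path}"; '
        f"sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for n, ioc in enumerate(extract_urls(SAMPLE_BLOB)):
        tag = "DOTTED-QUAD" if ioc.dotted_quad else "hostname"
        print(f"[{tag}] {ioc.url}")
        print("  " + suricata_rule(ioc, 9000001 + n))
```

Run it against the unpacked sample (or a memory dump of the stager) rather than the constructed buffer by reading the file into `extract_urls`; the dotted-quad flag is the quick triage signal, since a stager pulling from a bare IP with a short random path is exactly the pattern the ET rules above are describing.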
Targets
Target: f3d980b4d9443683b9e0aba0985deb670b8a6254f1e08def6f14f500527ef7dd
Score: 10/10
MetaSploit
Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
suricata: ET MALWARE Cobalt Strike Beacon Observed
suricata: ET MALWARE Generic .bin download from Dotted Quad
suricata: ET MALWARE Meterpreter or Other Reverse Shell SSL Cert
suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)
suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x32)
The Cobalt Strike rules fire alongside the Metasploit ones because Cobalt Strike's staging is compatible with Metasploit's stagers, so ET signatures keyed on the stager byte patterns match either; the extracted config above is what identifies this one as Metasploit.
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
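The two behavioural signatures worth turning into detection logic are the registry location lookup and the SetThreadContext use. The script below is an added example (not Triage's signature code) of both checks run over a constructed API-call trace in the order a sandbox would log it. The hollowing detector requires the full sequence (child created suspended, memory written into it, thread context replaced, thread resumed) so that a lone SetThreadContext, which a debugger also issues, does not fire. The report does not state which registry path the location check reads; the `Control Panel\International\Geo` key and its `Nation` value used here are this example's assumption, and the event field names are its own convention.

```python
# Process creation flag from the Win32 API (CreateProcess dwCreationFlags).
CREATE_SUSPENDED = 0x00000004

# Constructed API-call trace (not the real sample's trace). Field names are
# this example's own convention; a real trace would need a small adapter.
TRACE = [
    {"pid": 1000, "api": "RegOpenKeyExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo"}},
    {"pid": 1000, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"image": r"C:\Windows\System32\svchost.exe",
              "flags": CREATE_SUSPENDED, "child_pid": 2000}},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 2000, "size": 0x2A000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 2000}},
    # Benign control: a child started normally, then SetThreadContext alone
    # (what a debugger does). No memory was written, so it must not fire.
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"image": r"C:\tools\helper.exe", "flags": 0, "child_pid": 3000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 3000}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 3000}},
]

# Assumption: the geofence check reads the user's GeoID from this key.
GEO_KEY_MARKERS = (r"control panel\international\geo",)


def detect_geofence_lookup(trace):
    """Return (pid, key, value) for every registry value read under a geo key."""
    hits = []
    for ev in trace:
        key = ev["args"].get("key", "")
        if ev["api"].startswith("RegQueryValue") and any(m in key.lower() for m in GEO_KEY_MARKERS):
            hits.append((ev["pid"], key, ev["args"].get("value")))
    return hits


def detect_hollowing(trace):
    """Return (parent_pid, child_pid) for each child that was created suspended,
    written to, had its thread context replaced, and was then resumed.

    The stages must occur in that order; a SetThreadContext without a prior
    write into the child, or on a child not started suspended, is ignored.
    """
    stage = {}  # child_pid -> 1 suspended, 2 written, 3 context replaced
    hits = []
    for ev in trace:
        api, a = ev["api"], ev["args"]
        child = a.get("child_pid")
        target = a.get("target_pid")
        if api in ("CreateProcessW", "CreateProcessA") and a.get("flags", 0) & CREATE_SUSPENDED:
            stage[child] = 1
        elif api in ("WriteProcessMemory", "NtWriteVirtualMemory") and stage.get(target) == 1:
            stage[target] = 2
        elif api in ("SetThreadContext", "NtSetContextThread") and stage.get(target) == 2:
            stage[target] = 3
        elif api in ("ResumeThread", "NtResumeThread") and stage.get(target) == 3:
            hits.append((ev["pid"], target))
            del stage[target]
    return hits


if __name__ == "__main__":
    for pid, key, value in detect_geofence_lookup(TRACE):
        print(f"geofence lookup: pid {pid} read {key}\\{value}")
    for parent, child in detect_hollowing(TRACE):
        print(f"process hollowing sequence: pid {parent} -> child pid {child}")
```

The ordering requirement is the point: a rule that fires on SetThreadContext alone produces the same false positives the sandbox signature warns about, while requiring the write-then-context-then-resume chain on a suspended child is specific to hollowing without needing the injected image's bytes.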