General
-
Target
ä¸å›½ç”µæœºå·¥ç¨‹å¦ä¼š-2022年度新型电力系统创新奖申报表.exe
-
Size
515KB
-
Sample
220706-rf4vhsffd3
-
MD5
0299feffabdd3815d2249a5643203e3f
-
SHA1
bdba33cf063fada308e401ab34980c62bc7dacbc
-
SHA256
ed220a4ab4a9de44a5d1cd380be9dab98e90f820003e38bff4163ff4c881ea30
-
SHA512
8ff00b998c386bfe96da6c7dce2c1e5cae6b671c0ebcef0d7da7a8f3fd9150af76587c11a3771f4c8e8b3f7301a642691a2d7cf99cc4bac1f052b8486826125d
Malware Config
Extracted
metasploit
windows/download_exec
http://42.194.199.231:443/9ws9
Targets
-
-
Target
ä¸å›½ç”µæœºå·¥ç¨‹å¦ä¼š-2022年度新型电力系统创新奖申报表.exe
-
Size
515KB
-
MD5
0299feffabdd3815d2249a5643203e3f
-
SHA1
bdba33cf063fada308e401ab34980c62bc7dacbc
-
SHA256
ed220a4ab4a9de44a5d1cd380be9dab98e90f820003e38bff4163ff4c881ea30
-
SHA512
8ff00b998c386bfe96da6c7dce2c1e5cae6b671c0ebcef0d7da7a8f3fd9150af76587c11a3771f4c8e8b3f7301a642691a2d7cf99cc4bac1f052b8486826125d
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
suricata: ET MALWARE Generic .bin download from Dotted Quad
suricata: ET MALWARE Generic .bin download from Dotted Quad
-
suricata: ET MALWARE Meterpreter or Other Reverse Shell SSL Cert
suricata: ET MALWARE Meterpreter or Other Reverse Shell SSL Cert
-
suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)
suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)
-
suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x32)
suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x32)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-