metasploit

General

Target

5180621dabfbf51a1764886b08bf8b954f27e326ed6167fbdbd8a6f6313c534f
Size

5.0MB
Sample

220718-r9ahrsgcdj
MD5

38c817799dc0b801b8051000baac445a
SHA1

6b7b2c1659ae194b6f7a5d94e40e94cacdc1bccc
SHA256

5180621dabfbf51a1764886b08bf8b954f27e326ed6167fbdbd8a6f6313c534f
SHA512

281797346098fb0b15265e28b4fa6bd98304611878ef7b902fa0170fec8c4437f43d8d285578538e09b41973f90c522c801bb91e2b41401e68a96839d3495006

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  5180621dabfbf51a1764886b08bf8b954f27e326ed6167fbdbd8a6f6313c534f
- Size
  
  5.0MB
- MD5
  
  38c817799dc0b801b8051000baac445a
- SHA1
  
  6b7b2c1659ae194b6f7a5d94e40e94cacdc1bccc
- SHA256
  
  5180621dabfbf51a1764886b08bf8b954f27e326ed6167fbdbd8a6f6313c534f
- SHA512
  
  281797346098fb0b15265e28b4fa6bd98304611878ef7b902fa0170fec8c4437f43d8d285578538e09b41973f90c522c801bb91e2b41401e68a96839d3495006
Score

10^/10

metasploit wannacry backdoor ransomware suricata trojan worm evasion
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata
- suricata: ET MALWARE Known Sinkhole Response Header
  suricata: ET MALWARE Known Sinkhole Response Header
  suricata
- suricata: ET MALWARE Possible WannaCry DNS Lookup 2
  suricata: ET MALWARE Possible WannaCry DNS Lookup 2
  suricata
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies firewall policy service

Wannacry

suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup

suricata: ET MALWARE Known Sinkhole Response Header

suricata: ET MALWARE Possible WannaCry DNS Lookup 2

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2