General

  • Target

    7807906127.zip

  • Size

    49.4MB

  • Sample

    220726-nz5dlsceh4

  • MD5

    b00ef648c1ce11bdba27ab512a3ee14e

  • SHA1

    b450b4a2f491906a9d084016da1e0ebc59860fd8

  • SHA256

    2c05f216181f20e481650a7807ba0420c25ca7410748ef66e5bcb4f8de693c31

  • SHA512

    64827d4caa99398fe30f5602e8d50309be85fb452c6d8702b4b171da99c39e14b5e7ffd06ca2b35035fce3a6990c358105702263e04cee2b1b285a74a3d4aba3

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/shikata_ga_nai

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    70.251.211.113:80

Targets

    • Target

      5ce684113f882d6005329ffa8c260cf3d9cc8c3fda1c9329a11d8d253d059e3c

    • Size

      49.4MB

    • MD5

      50f031c86135dfd7005ed6c048860914

    • SHA1

      9f20e3545618f119d7e0ecec78b4aef43d4c0ad6

    • SHA256

      5ce684113f882d6005329ffa8c260cf3d9cc8c3fda1c9329a11d8d253d059e3c

    • SHA512

      4aeac37df917c511cb35e44f4e807545a25529069ef3158febf71167b5658cd8e5b54e8aab0ae236a377e049efc9f0732bb47014cddf50c2abe927246e022fd4

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6
