metasploit | 4c552e302239b0e1ffc6d75f82550af209738e7a989220b6d3cb6afaefc6db25 | Triage

Sharing

General

Target

4c552e302239b0e1ffc6d75f82550af209738e7a989220b6d3cb6afaefc6db25
Size

1006KB
Sample

221029-wy896shfe9
MD5

84681de601a5f42cfe5eb57f58093b79
SHA1

47d6f3959f912334f62cd0b1fe8919ef0ac476d3
SHA256

4c552e302239b0e1ffc6d75f82550af209738e7a989220b6d3cb6afaefc6db25
SHA512

a78d266a0903ae75f07a306b9d112f3329e4b36e14c91cb06bcea61cf922935d5ab2472d067980b2a7cb8780dd5cf16aa03ffffcde485c2f9be113505a4daf20
SSDEEP

24576:3SXXyotjt7k9Ky7AJHdizL27gR9MLkvmdKQw5:CHyobVIaCvaLetQw5

Score

10^/10

metasploit microsoft persistence phishing

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

77.109.131.9:443

Targets

- Target
  
  4c552e302239b0e1ffc6d75f82550af209738e7a989220b6d3cb6afaefc6db25
- Size
  
  1006KB
- MD5
  
  84681de601a5f42cfe5eb57f58093b79
- SHA1
  
  47d6f3959f912334f62cd0b1fe8919ef0ac476d3
- SHA256
  
  4c552e302239b0e1ffc6d75f82550af209738e7a989220b6d3cb6afaefc6db25
- SHA512
  
  a78d266a0903ae75f07a306b9d112f3329e4b36e14c91cb06bcea61cf922935d5ab2472d067980b2a7cb8780dd5cf16aa03ffffcde485c2f9be113505a4daf20
- SSDEEP
  
  24576:3SXXyotjt7k9Ky7AJHdizL27gR9MLkvmdKQw5:CHyobVIaCvaLetQw5
Score

6^/10

microsoft persistence phishing
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing