General

  • Target

    d603c3c02aa3f97e185f86b99a9eb66f802d61e1c231365f460db0f18cb19603

  • Size

    138KB

  • Sample

    221203-em1efsch46

  • MD5

    0d02eac01292ac73c342ad70defca1b6

  • SHA1

    c1d13cc087647dce843aa6b31f20042480ee26ba

  • SHA256

    d603c3c02aa3f97e185f86b99a9eb66f802d61e1c231365f460db0f18cb19603

  • SHA512

    eb96baf0c383b5d72ec00632c1650f06b49d256cb3086efe328fe6a1defdb643a1455da2973a1afe13fa2ceb40471e03b1ec491d8285ec202e543e126face93e

  • SSDEEP

    3072:5R2K6PFDICAgPDkqabSoC5s8b3HH0TfFGc842FCl:+K69DbDj88rIFj842O

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      d603c3c02aa3f97e185f86b99a9eb66f802d61e1c231365f460db0f18cb19603

    • Size

      138KB

    • MD5

      0d02eac01292ac73c342ad70defca1b6

    • SHA1

      c1d13cc087647dce843aa6b31f20042480ee26ba

    • SHA256

      d603c3c02aa3f97e185f86b99a9eb66f802d61e1c231365f460db0f18cb19603

    • SHA512

      eb96baf0c383b5d72ec00632c1650f06b49d256cb3086efe328fe6a1defdb643a1455da2973a1afe13fa2ceb40471e03b1ec491d8285ec202e543e126face93e

    • SSDEEP

      3072:5R2K6PFDICAgPDkqabSoC5s8b3HH0TfFGc842FCl:+K69DbDj88rIFj842O

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies firewall policy service

    • Windows security bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Deletes itself

    • Windows security modification

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

2
T1031

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Discovery

System Information Discovery

1
T1082

Tasks