General

  • Target

    a0a0ad6ae5130ccacef3a149f33d34581441b02ddf86576d2e62e4a127c05b63

  • Size

    140KB

  • Sample

    221205-mpxeksbe34

  • MD5

    ee22c659a9906b56a71903934fe4bad4

  • SHA1

    5b362603ef42dcb02cbbefdf0031aa5b651535f1

  • SHA256

    a0a0ad6ae5130ccacef3a149f33d34581441b02ddf86576d2e62e4a127c05b63

  • SHA512

    9ab5d4b3ab59e77de31f48b2ea03afaa1cea191ad7dd7d8fc8dd092368d763736e8138ea0f592aea4f3af4ea671941b6199586d3b0c8382a63696205f8f4b2f3

  • SSDEEP

    3072:rM65IQk/moU+pcIjdVNucStRgSyj3L/jjqId4/tSzkrj:9k/mJ+pStRpyj3/HW/tSQ/

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      a0a0ad6ae5130ccacef3a149f33d34581441b02ddf86576d2e62e4a127c05b63

    • Size

      140KB

    • MD5

      ee22c659a9906b56a71903934fe4bad4

    • SHA1

      5b362603ef42dcb02cbbefdf0031aa5b651535f1

    • SHA256

      a0a0ad6ae5130ccacef3a149f33d34581441b02ddf86576d2e62e4a127c05b63

    • SHA512

      9ab5d4b3ab59e77de31f48b2ea03afaa1cea191ad7dd7d8fc8dd092368d763736e8138ea0f592aea4f3af4ea671941b6199586d3b0c8382a63696205f8f4b2f3

    • SSDEEP

      3072:rM65IQk/moU+pcIjdVNucStRgSyj3L/jjqId4/tSzkrj:9k/mJ+pStRpyj3/HW/tSQ/

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies firewall policy service

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

2
T1112

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks