General

  • Target: 179c5ec9b7d17e3beed96c26b42b9e2a1f03fc8ad4cf3f799b52582159e09bb8
  • Size: 7.8MB
  • Sample: 231224-ecd4gaehej
  • MD5: 3617171f978fab460fc9314dd35c0322
  • SHA1: 18ec7a8a1eda82b2f726c1e77db4d05e30e1c869
  • SHA256: 179c5ec9b7d17e3beed96c26b42b9e2a1f03fc8ad4cf3f799b52582159e09bb8
  • SHA512: 0174d91c683bd0916ba4887e7ab9e0c0c3c7187f9637402058a345b13c5cfd9da964322c522982827b878e6c5f9fe4e8a1c812af4eabc6b615ca7b101d475243
  • SSDEEP: 196608:eMQlklxM0jwnFzEa3qqDKvtRDrL3eJVgxuo5:VRl68wFIa3qqGvtxrLuUxuc

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/download_exec
  • C2: http://206.189.191.54:443/jquery-3.3.1.slim.min.js

Targets

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Blocklisted process makes network request
    • VMProtect packed file: Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Matrix

Tasks