General

  • Target

    5e49f1ae60ee3e310958aca0aef37412

  • Size

    248KB

  • Sample

    240115-2p86pshda2

  • MD5

    5e49f1ae60ee3e310958aca0aef37412

  • SHA1

    9d8e496d16c36068a4ccb5d42ed4d0529199c94c

  • SHA256

    d180bd5921c8c94d3f250722e21a26633d22e37c4b6e1a8b94f5302b5d531ddf

  • SHA512

    a0c0fd561d80467870e2a3064be2fad2153f706365579f3d451ddbfaedc77c70941a788edcea21362e7eb6b6b3c7ea46eee921a680571e8f7cff4f801d42daaf

  • SSDEEP

    1536:PNUlDg0zwznq/9oY0ARaWw7m5J3MBLlkoBy+gM/njEO5b22IfyW+TVTJBm9vz3/y:QIKE5B3QpwRIL7L3G1ijK5QeuA

Malware Config

  • Extracted

    Family: metasploit
    Version: encoder/shikata_ga_nai

  • Extracted

    Family: metasploit
    Version: windows/shell_reverse_tcp
    C2: 192.168.1.98:4444

Targets

    • Target

      5e49f1ae60ee3e310958aca0aef37412

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks