General

  • Target

    5cbd430c9e86ce90e0214dc4a983d46b

  • Size

    261KB

  • Sample

    240115-lk9nnsdean

  • MD5

    5cbd430c9e86ce90e0214dc4a983d46b

  • SHA1

    2b43265cef7b46779ea924c50c6bcba2d2a03550

  • SHA256

    56ae7bdd52533a5bdb8de81c1378bff76c97151438aaeadec3752e073b4f5792

  • SHA512

    d93865975f17ac9056354ae7c91e35b2fb552526b3dc8142af89354a3dfac40780e4f41e885365bb38e464a86b6a6da7d7fa41ca3ea176234a0c0b3c005e788a

  • SSDEEP

    6144:uJcikIaeUFgqmAzYhoRzXISLHHZQIKKYdYD7:uOnfeUFgqmdhoRz7LZQ27D7

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
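The extractor labels the encoder as call4_dword_xor, Metasploit's x86 encoder whose decoder stub uses a `call $-1` to get its own address and then XORs the payload one dword at a time with a 4-byte key. The following is an added example, not code from the report or from Metasploit: it reproduces the stub layout as emitted by Metasploit's modules/encoders/x86/call4_dword_xor.rb, encodes a constructed sample payload, locates the stub inside a larger blob the way a config extractor would, pulls the key out of the stub, and decodes the payload. The sample payload, key and surrounding bytes are constructed for illustration; the counter setup only covers the plain `sub ecx, imm8` / `sub ecx, imm32` forms, whereas the real encoder picks among several bad-character-free variants and chooses the key itself.

```python
"""Added example (not part of the sandbox report): encode, detect and decode
the Metasploit x86/call4_dword_xor scheme. Sample data is constructed."""
import struct

# Fixed part of the decoder stub as emitted by Metasploit's
# modules/encoders/x86/call4_dword_xor.rb:
#   e8 ff ff ff ff        call $-1   ; pushes the address of the 0xc0 byte
#   ff c0                 inc eax    ; the call's last 0xff byte is re-decoded here
#   5e                    pop esi    ; esi -> the 0xc0 byte
#   81 76 0e KK KK KK KK  xor dword [esi+0x0e], key ; esi+0x0e = first payload dword
#   83 ee fc              sub esi, -4 ; advance 4 bytes without a 0x04 or 0x00 byte
#   e2 f4                 loop       ; ecx holds the dword count, set up before the stub
STUB_HEAD = b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
STUB_TAIL = b"\x83\xee\xfc\xe2\xf4"
KEY_LEN = 4
STUB_LEN = len(STUB_HEAD) + KEY_LEN + len(STUB_TAIL)  # 19 bytes


def _xor_dwords(data, key):
    """XOR each little-endian dword of data (length multiple of 4) with key."""
    return b"".join(
        struct.pack("<I", struct.unpack("<I", data[i:i + 4])[0] ^ key)
        for i in range(0, len(data), 4))


def encode(payload, key):
    """Counter setup + stub + XORed payload, padded to a dword boundary.
    Uses the plain 'xor ecx,ecx / sub ecx,-n' counter form (assumption:
    the real encoder varies this to avoid bad characters)."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    n = len(padded) // 4
    if not 1 <= n <= 128:
        raise ValueError("example supports 1..128 dwords (imm8 counter form)")
    counter = b"\x33\xc9" + b"\x83\xe9" + struct.pack("<b", -n)
    return counter + STUB_HEAD + struct.pack("<I", key) + STUB_TAIL + _xor_dwords(padded, key)


def find_stub(blob):
    """Scan blob for the stub. Returns (stub_offset, key, dword_count) or None.
    dword_count is None when the counter setup is not one of the two immediate
    forms this example understands."""
    off = blob.find(STUB_HEAD)
    while off != -1:
        key_off = off + len(STUB_HEAD)
        tail = blob[key_off + KEY_LEN:key_off + KEY_LEN + len(STUB_TAIL)]
        if tail == STUB_TAIL:
            key = struct.unpack("<I", blob[key_off:key_off + KEY_LEN])[0]
            count = None
            if off >= 3 and blob[off - 3:off - 1] == b"\x83\xe9":      # sub ecx, imm8
                count = -struct.unpack("<b", blob[off - 1:off])[0]
            elif off >= 6 and blob[off - 6:off - 4] == b"\x81\xe9":    # sub ecx, imm32
                count = -struct.unpack("<i", blob[off - 4:off])[0]
            return off, key, count
        off = blob.find(STUB_HEAD, off + 1)
    return None


def decode(blob):
    """Recover the bytes the stub would produce in memory at run time."""
    hit = find_stub(blob)
    if hit is None:
        raise ValueError("no call4_dword_xor stub found")
    off, key, count = hit
    start = off + STUB_LEN
    if count is None:
        count = (len(blob) - start) // 4   # fallback: decode to the end of the blob
    return _xor_dwords(blob[start:start + 4 * count], key)


# Constructed sample: not real shellcode, just recognisable bytes.
SAMPLE_PAYLOAD = b"\x90\x90CONSTRUCTED-PAYLOAD\xcc"
SAMPLE_KEY = 0xDEADBEEF
# Embedded between unrelated bytes to show detection at a non-zero offset.
ENCODED = b"JUNK" + encode(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"TRAILER"

if __name__ == "__main__":
    hit = find_stub(ENCODED)
    print("stub at offset", hit[0], "key", hex(hit[1]), "dwords", hit[2])
    print(decode(ENCODED))
```

The detection rides on the fixed ten-byte head and five-byte tail around the key, which is also what a YARA rule or a config extractor keys on; the key itself is read straight out of the `xor dword [esi+0x0e], imm32` instruction, so no brute force is needed once the stub is located.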

Targets

    • Target

      5cbd430c9e86ce90e0214dc4a983d46b

    • Size

      261KB

    • MD5

      5cbd430c9e86ce90e0214dc4a983d46b

    • SHA1

      2b43265cef7b46779ea924c50c6bcba2d2a03550

    • SHA256

      56ae7bdd52533a5bdb8de81c1378bff76c97151438aaeadec3752e073b4f5792

    • SHA512

      d93865975f17ac9056354ae7c91e35b2fb552526b3dc8142af89354a3dfac40780e4f41e885365bb38e464a86b6a6da7d7fa41ca3ea176234a0c0b3c005e788a

    • SSDEEP

      6144:uJcikIaeUFgqmAzYhoRzXISLHHZQIKKYdYD7:uOnfeUFgqmdhoRz7LZQ27D7

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandbox environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15