General

  • Target

    5d878c0c7ce0f8d20e4de8bd57a502ca

  • Size

    1.1MB

  • Sample

    240115-tqh2xabacp

  • MD5

    5d878c0c7ce0f8d20e4de8bd57a502ca

  • SHA1

    0bce863674ec0532af22a434ea3b2f598dcf36b7

  • SHA256

    1e6ed8aa1ac3c551fa968840f8073123a5b32bfd69f7ccfb8318cef47026c0d4

  • SHA512

    d9db95de879eb453937606e31e1fc16532eafc83720ed92913abd1dbb8b2008c62ff96c6260216bcd0a8fdf255f9e184a823d9347f4c04e8c27faf80b9ce21be

  • SSDEEP

    12288:xpb/ir7hhARq3/T4GHQSRvJ/ulYPCz+HavEwEQFrN:xt/ir7bAK/ZFMlY8+HN9w

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • Target

      5d878c0c7ce0f8d20e4de8bd57a502ca

    • Size

      1.1MB

    • MD5

      5d878c0c7ce0f8d20e4de8bd57a502ca

    • SHA1

      0bce863674ec0532af22a434ea3b2f598dcf36b7

    • SHA256

      1e6ed8aa1ac3c551fa968840f8073123a5b32bfd69f7ccfb8318cef47026c0d4

    • SHA512

      d9db95de879eb453937606e31e1fc16532eafc83720ed92913abd1dbb8b2008c62ff96c6260216bcd0a8fdf255f9e184a823d9347f4c04e8c27faf80b9ce21be

    • SSDEEP

      12288:xpb/ir7hhARq3/T4GHQSRvJ/ulYPCz+HavEwEQFrN:xt/ir7bAK/ZFMlY8+HN9w

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks