General

  • Target

    5d8bc71288534d516fbe7a2df5493159

  • Size

    149KB

  • Sample

    240115-tw2ffacbe4

  • MD5

    5d8bc71288534d516fbe7a2df5493159

  • SHA1

    5b2d7e27c7db236d52c558ab227e55f59aed3fbc

  • SHA256

    407c8d7c3b06000b02bbd04f88bf3ceff909b2d32e2832708481a055d828bb74

  • SHA512

    1d3c2563957f3fc97bd60b2da86158cc20064c780efc1ae781012409165420f2af39ef14b91ab1aef114baf57545f6cc1fd84a5f31e68a0a8ef76adbbf8a619a

  • SSDEEP

    3072:P2SyW1Q6hQBcKxFjojOdcFjOn60B4JMGr8FHfBul5RLO2:P/yI1K7Fjoycjbj5r8FZERX

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
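The encoder name in the config block comes from the decoder stub that msfvenom prepends to an encoded payload: x86/call4_dword_xor uses a short, fixed byte sequence that carries the 4-byte XOR key inline, so a scanner can both fingerprint the encoder and recover the key, then XOR the bytes that follow the stub to get the original payload. The script below is an added example (not code from the sandbox or from Metasploit) that does exactly that. Its stub bytes are my recollection of the tail emitted by Metasploit's modules/encoders/x86/call4_dword_xor.rb and should be treated as an assumption; the ECX-setting preamble in front of that tail varies with the badchar set, so only one common form of it is parsed, and the sample blob it scans is constructed here rather than taken from the 149KB file. Because that file is reported as UPX packed, expect to run this kind of scan on the unpacked image or a memory dump, not on the packed file as it sits on disk.

```python
import re
import struct

# Fixed tail of the x86/call4_dword_xor decoder stub as I know it from
# Metasploit's modules/encoders/x86/call4_dword_xor.rb (assumption; the
# ECX set-up that precedes it varies with the badchar set and is not matched):
#   e8 ff ff ff ff        call $+4   ; target is the final 0xff byte, so the CPU
#   c0                    ;            runs "ff c0" = inc eax; the pushed return
#                         ;            address is the address of this 0xc0 byte
#   5e                    pop esi    ; esi -> the 0xc0 byte
#   81 76 0e KK KK KK KK  xor dword [esi+0x0e], key ; esi+0x0e = first encoded byte
#   83 ee fc              sub esi, -4
#   e2 f4                 loop       ; back to the xor, ECX times
STUB_TAIL = re.compile(
    rb"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e(?P<key>.{4})\x83\xee\xfc\xe2\xf4",
    re.DOTALL,
)
# One common ECX preamble: xor ecx,ecx ; sub ecx, imm8   (imm8 = -count, sign-extended)
ECX_PREAMBLE = re.compile(rb"\x31\xc9\x83\xe9(?P<imm>.)", re.DOTALL)


def xor_dwords(data, key):
    """XOR data with a little-endian 32-bit key one dword at a time.
    Bytes beyond the last whole dword are returned unchanged, which is
    also what the stub does since it only ever touches whole dwords."""
    out = bytearray(data)
    for i in range(0, len(data) - 3, 4):
        (v,) = struct.unpack_from("<I", data, i)
        struct.pack_into("<I", out, i, v ^ key)
    return bytes(out)


def find_stubs(blob):
    """Locate decoder stubs in blob. Each hit records the stub offset, the
    recovered key, where the encoded payload starts and, when the simple
    preamble is present right before the tail, the dword count loaded into ECX."""
    hits = []
    for m in STUB_TAIL.finditer(blob):
        (key,) = struct.unpack("<I", m.group("key"))
        count = None
        pm = ECX_PREAMBLE.fullmatch(blob, max(0, m.start() - 5), m.start())
        if pm:
            (imm,) = struct.unpack("b", pm.group("imm"))
            count = -imm
        hits.append({"stub": m.start(), "key": key, "payload": m.end(), "dwords": count})
    return hits


def decode_payloads(blob):
    """Decode the payload that follows every detected stub. Without a
    recoverable count the decoder runs to the end of the blob."""
    decoded = []
    for h in find_stubs(blob):
        start = h["payload"]
        end = len(blob) if h["dwords"] is None else start + 4 * h["dwords"]
        decoded.append(xor_dwords(blob[start:end], h["key"]))
    return decoded


def build_sample(payload, key, prefix=b""):
    """Constructed test artifact, not real msfvenom output: preamble + stub tail
    + XOR-encoded payload. The count is ceil(len/4); whether that is exactly the
    value Metasploit's own stub loads into ECX is not verified here (assumption)."""
    count = (len(payload) + 3) // 4  # must fit a signed imm8, i.e. payload <= 512 bytes
    preamble = b"\x31\xc9\x83\xe9" + struct.pack("b", -count)
    tail = (b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e" + struct.pack("<I", key)
            + b"\x83\xee\xfc\xe2\xf4")
    return prefix + preamble + tail + xor_dwords(payload, key)


# Constructed stand-in for a payload (24 bytes); real msfvenom output is opaque shellcode.
SAMPLE_PAYLOAD = b"CONSTRUCTED-PAYLOAD-BLOB"

if __name__ == "__main__":
    blob = build_sample(SAMPLE_PAYLOAD, 0xDEADBEEF, prefix=b"\x90" * 16)
    for h in find_stubs(blob):
        print("stub at +%d key 0x%08x dwords %s" % (h["stub"], h["key"], h["dwords"]))
    print(decode_payloads(blob))
```

The tail regex is the part that does the attribution; the key sits at a fixed offset inside it, which is why the report can show both the family and the encoder. If a stub is found but the preamble is one of the alternative badchar-avoiding forms, the count comes back as None and the decoder falls back to decoding to the end of the buffer, so inspect the tail of the result before trusting it.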

Targets

    • Target

      5d8bc71288534d516fbe7a2df5493159

    • Size

      149KB

    • MD5

      5d8bc71288534d516fbe7a2df5493159

    • SHA1

      5b2d7e27c7db236d52c558ab227e55f59aed3fbc

    • SHA256

      407c8d7c3b06000b02bbd04f88bf3ceff909b2d32e2832708481a055d828bb74

    • SHA512

      1d3c2563957f3fc97bd60b2da86158cc20064c780efc1ae781012409165420f2af39ef14b91ab1aef114baf57545f6cc1fd84a5f31e68a0a8ef76adbbf8a619a

    • SSDEEP

      3072:P2SyW1Q6hQBcKxFjojOdcFjOn60B4JMGr8FHfBul5RLO2:P/yI1K7Fjoycjbj5r8FZERX

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
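The behavioural signatures listed above are produced by matching rules against the API trace the sandbox records. As an added example, and not the sandbox's own rule logic, the script below re-implements the five behaviours above in their simplest form (a file written under System32, a previously written file later executed or loaded, a traced process's image file deleted, and SetThreadContext aimed at a thread of another process) and runs them over a constructed trace. The trace, process table and thread table are made up for this example; real captures carry far more detail, and a production rule for SetThreadContext would usually also look at a preceding suspended CreateProcess and WriteProcessMemory into the same target.

```python
# Added example: minimal behavioural-signature matcher over a constructed API trace.
# Rule logic is my approximation of what the report's signature names imply,
# not the sandbox's rules. Paths are compared case-insensitively.

SYSTEM32 = "c:\\windows\\system32\\"


def norm(path):
    return path.lower()


def evaluate(trace, procs, threads):
    """trace:   list of (pid, api, args) in call order (constructed format)
       procs:   {pid: image path} for every traced process
       threads: {tid: owning pid}
       Returns the set of signature names (as worded in the report) that fire."""
    fired = set()
    written = set()                       # files written by any traced process
    images = {norm(p) for p in procs.values()}
    for pid, api, a in trace:
        if api == "NtWriteFile":
            path = norm(a["path"])
            written.add(path)
            if path.startswith(SYSTEM32):
                fired.add("Drops file in System32 directory")
        elif api == "CreateProcessW":
            if norm(a["image"]) in written:
                fired.add("Executes dropped EXE")
        elif api == "LoadLibraryW":
            if norm(a["path"]) in written:
                fired.add("Loads dropped DLL")
        elif api == "DeleteFileW":
            # Typically done from a spawned cmd.exe, so match against every
            # traced image rather than only the caller's own.
            if norm(a["path"]) in images:
                fired.add("Deletes itself")
        elif api == "SetThreadContext":
            owner = threads.get(a["tid"])
            if owner is not None and owner != pid:
                fired.add("Suspicious use of SetThreadContext")
    return fired


# Constructed trace (not a real capture). pid 100 is the sample, 200 a cmd.exe it
# spawned, 300 the dropped EXE, 400 a suspended host process targeted by 300.
PROCS = {
    100: "C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe",
    200: "C:\\Windows\\System32\\cmd.exe",
    300: "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe",
    400: "C:\\Windows\\System32\\svchost.exe",
}
THREADS = {1001: 100, 3001: 300, 4001: 400}
TRACE = [
    (100, "NtWriteFile", {"path": "C:\\Windows\\System32\\helper.dll"}),
    (100, "NtWriteFile", {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe"}),
    (100, "LoadLibraryW", {"path": "C:\\Windows\\System32\\kernel32.dll"}),   # benign
    (100, "LoadLibraryW", {"path": "C:\\Windows\\System32\\helper.dll"}),
    (100, "SetThreadContext", {"tid": 1001}),                                  # own thread: benign
    (100, "CreateProcessW", {"image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe"}),
    (300, "CreateProcessW", {"image": "C:\\Windows\\System32\\svchost.exe", "flags": 0x4}),
    (300, "WriteProcessMemory", {"pid": 400}),
    (300, "SetThreadContext", {"tid": 4001}),
    (200, "DeleteFileW", {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe"}),
]

if __name__ == "__main__":
    for name in sorted(evaluate(TRACE, PROCS, THREADS)):
        print(name)
```

Two of the trace lines are deliberately benign (loading kernel32.dll, which was never written, and SetThreadContext on the caller's own thread) to show that the rules key on provenance and process boundaries rather than on the API name alone.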

MITRE ATT&CK Enterprise v15

Tasks