General

  • Target

    5dcd321fc30d82dc9e7439848ed0da54

  • Size

    388KB

  • Sample

    240115-xa15bseah3

  • MD5

    5dcd321fc30d82dc9e7439848ed0da54

  • SHA1

    85e6800abd6a359704db24fc79ca703b471eea2c

  • SHA256

    99f1a07b8d4ef5d45fb2133bff97a7bda0c67cdd947fe05b60af3f8d799c28da

  • SHA512

    1658bdff57d491c23483344083765a0cfe1f97559d492c326a967d80883eb449d47961ce6582c10e1bdf4b19109ac998cf165d998e7c5d30af835963cbd6f2dc

  • SSDEEP

    6144:zPmL+2Xx4Yy0D5eCgz2bRjiRp5y1klnRhPVFd02HaAvPJT5cRgtMx+yEoV5efoN9:Lm6uuAo1zAR0KklRnsOvvPp5cGMAHni

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • Target

      5dcd321fc30d82dc9e7439848ed0da54

    • Size

      388KB

    • MD5

      5dcd321fc30d82dc9e7439848ed0da54

    • SHA1

      85e6800abd6a359704db24fc79ca703b471eea2c

    • SHA256

      99f1a07b8d4ef5d45fb2133bff97a7bda0c67cdd947fe05b60af3f8d799c28da

    • SHA512

      1658bdff57d491c23483344083765a0cfe1f97559d492c326a967d80883eb449d47961ce6582c10e1bdf4b19109ac998cf165d998e7c5d30af835963cbd6f2dc

    • SSDEEP

      6144:zPmL+2Xx4Yy0D5eCgz2bRjiRp5y1klnRhPVFd02HaAvPJT5cRgtMx+yEoV5efoN9:Lm6uuAo1zAR0KklRnsOvvPp5cGMAHni

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks