General

  • Target

    5dd67920a1deb971acb7b0f81cf0c006

  • Size

    340KB

  • Sample

    240115-xlzqmsdcal

  • MD5

    5dd67920a1deb971acb7b0f81cf0c006

  • SHA1

    1be23b77d9bc9ca9ea18bae812fbb3513edcc9b0

  • SHA256

    5cbb8f6bcf4741a6dfd27582df4a81189a0f823f16db51fe9172136dbda7e0cf

  • SHA512

    b9833780dbb79732921f22dcde3defa0c0e34831ba0992dcfc6353b57474423c6831a704e3a2dded8a5fe09506024640fd04e5134abee6192762bca76461af93

  • SSDEEP

    3072:99olt8KWJtjQxl/eGfl2guPQK1tX0Fg4AfETCvBSZVXVlgUreK+K:nidWHjpMUoE3vyVlgUaf

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      5dd67920a1deb971acb7b0f81cf0c006

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
