General

  • Target

    61249a0cc6af21b109adf17dcae2ed76

  • Size

    214KB

  • Sample

    240116-3d9tjacfep

  • MD5

    61249a0cc6af21b109adf17dcae2ed76

  • SHA1

    60d1048ba33260f88e7741eba18b99728925d3da

  • SHA256

    7fd37b7079c2098d7bc22cb6eb1b80d3a35c0a92059e6bda0715ae52a9fd40de

  • SHA512

    18a506dea8740dd84fd841293aa349b4bc2988d6d4d50be657c09631f2e3bd90f89caf7b6be24097d40f073b225b8e6c0e025e194b224dd29d2727d2db948467

  • SSDEEP

    6144:zN2xrOAbA8+LL8G5MTfBj+glD3ddYORul:zYdOgA9LfmTfjlD3dd5Ul

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
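The Version field above names the Metasploit x86 encoder that wrapped this payload, call4_dword_xor: the payload is padded to a whole number of 32-bit dwords, every dword is XORed with one 4-byte key chosen to avoid the operator's "bad characters", and a short x86 decoder stub (the `call $+4` / `pop` trick behind the name) is prepended to undo the XOR at run time. Because the key is picked at random each time msfvenom runs, the same payload produces a different file, and different hashes, on every encoding pass. The following is an added example, not Metasploit's code: it reimplements only the data transform and the key selection so the effect can be seen on a constructed stand-in payload (the bytes in `SAMPLE_PAYLOAD` are not from the analysed sample). It does not emit the x86 decoder stub, and the 0x90 filler byte and the optional `seed` parameter are assumptions of this example.

```python
import random
import struct


def pad_to_dword(payload: bytes, filler: int = 0x90) -> bytes:
    """Pad to a multiple of 4 bytes so every dword is complete.
    Using 0x90 (x86 NOP) as filler is an assumption of this example."""
    return payload + bytes([filler]) * ((-len(payload)) % 4)


def xor_dwords(data: bytes, key: int) -> bytes:
    """XOR each little-endian dword of data with a 32-bit key.
    XOR is its own inverse, so the same function encodes and decodes."""
    if len(data) % 4:
        raise ValueError("data length must be a multiple of 4")
    return b"".join(struct.pack("<I", d ^ key)
                    for (d,) in struct.iter_unpack("<I", data))


def find_key(padded: bytes, badchars: bytes, seed=None) -> int:
    """Choose a 4-byte key such that neither the key itself (it sits in the
    decoder stub as an immediate) nor any encoded byte is in badchars.
    Key byte i only ever touches payload bytes i, i+4, i+8, ..., so each key
    byte can be solved independently: 4 x 256 checks instead of 2**32."""
    bad = set(badchars)
    pick = (random.Random(seed).choice if seed is not None
            else random.SystemRandom().choice)
    key_bytes = bytearray()
    for i in range(4):
        column = padded[i::4]
        ok = [k for k in range(256)
              if k not in bad and all((b ^ k) not in bad for b in column)]
        if not ok:
            raise ValueError(f"no key byte satisfies the badchar set for column {i}")
        key_bytes.append(pick(ok))
    return struct.unpack("<I", bytes(key_bytes))[0]


def encode(payload: bytes, badchars: bytes = b"\x00", seed=None):
    """Return (key, encoded). encoded is badchar-free and 4-byte aligned."""
    padded = pad_to_dword(payload)
    key = find_key(padded, badchars, seed)
    encoded = xor_dwords(padded, key)
    if set(encoded) & set(badchars):  # impossible by construction; defensive check
        raise AssertionError("bad character survived encoding")
    return key, encoded


def decode(encoded: bytes, key: int) -> bytes:
    """Static decode: what the prepended stub does in memory, done offline."""
    return xor_dwords(encoded, key)


# Constructed stand-in for a payload; NOT shellcode from the analysed sample.
# It deliberately contains NUL, LF and CR so the badchar filtering is exercised.
SAMPLE_PAYLOAD = b"\x00\x00\x00\x00CONSTRUCTED\x0aPAYLOAD\x0d\x00"
BADCHARS = b"\x00\x0a\x0d"

if __name__ == "__main__":
    key, enc = encode(SAMPLE_PAYLOAD, BADCHARS)
    print(f"key: {key:#010x}  (stub immediate, LE: {key.to_bytes(4, 'little').hex()})")
    print(f"encoded: {enc.hex()}")
    # Two runs with different keys give different bytes for the same payload,
    # which is why file hashes of msfvenom output are poor indicators on their own.
    assert decode(enc, key)[: len(SAMPLE_PAYLOAD)] == SAMPLE_PAYLOAD
```

Run it twice and compare the `encoded` lines: the payload is identical, the bytes are not. For detection this argues for matching on the constant decoder stub or on the decoded payload rather than on the file hashes listed in this report.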

Targets

    • Target

      61249a0cc6af21b109adf17dcae2ed76

    • Size

      214KB

    • MD5

      61249a0cc6af21b109adf17dcae2ed76

    • SHA1

      60d1048ba33260f88e7741eba18b99728925d3da

    • SHA256

      7fd37b7079c2098d7bc22cb6eb1b80d3a35c0a92059e6bda0715ae52a9fd40de

    • SHA512

      18a506dea8740dd84fd841293aa349b4bc2988d6d4d50be657c09631f2e3bd90f89caf7b6be24097d40f073b225b8e6c0e025e194b224dd29d2727d2db948467

    • SSDEEP

      6144:zN2xrOAbA8+LL8G5MTfBj+glD3ddYORul:zYdOgA9LfmTfjlD3dd5Ul

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15