General

  • Target

    61341a3e27aa37ecf3daeae72e8ae3ff

  • Size

    171KB

  • Sample

    240116-3y76fadhd9

  • MD5

    61341a3e27aa37ecf3daeae72e8ae3ff

  • SHA1

    5dda42bcb207c1b6ce7597c410774350b12137f8

  • SHA256

    c8b1b9e535ad797b2c9fe513367eb648001eff9da91842b223206b9428849942

  • SHA512

    e83e558245ba2178a2496a79633e75a68bdcf07a038096020eda5bc3863e8266e1b5fdc1b75e03058c42f09dfa2c83b15b117f15e9aa58e9db88c9534571bc52

  • SSDEEP

    3072:bqGqc+an3E27V3IQHrbbh75UG+t8cQRWXb6mWFQgtbu6vU:brPIQzh7+Bt8cQJVw6s

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      61341a3e27aa37ecf3daeae72e8ae3ff

    • Size

      171KB

    • MD5

      61341a3e27aa37ecf3daeae72e8ae3ff

    • SHA1

      5dda42bcb207c1b6ce7597c410774350b12137f8

    • SHA256

      c8b1b9e535ad797b2c9fe513367eb648001eff9da91842b223206b9428849942

    • SHA512

      e83e558245ba2178a2496a79633e75a68bdcf07a038096020eda5bc3863e8266e1b5fdc1b75e03058c42f09dfa2c83b15b117f15e9aa58e9db88c9534571bc52

    • SSDEEP

      3072:bqGqc+an3E27V3IQHrbbh75UG+t8cQRWXb6mWFQgtbu6vU:brPIQzh7+Bt8cQJVw6s

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks