General

  • Target

    5e9013e22ff455200a1a014780dbdd5e

  • Size

    497KB

  • Sample

    240116-bfjxcaabap

  • MD5

    5e9013e22ff455200a1a014780dbdd5e

  • SHA1

    0e6373420a6a2d58e8bf9421c0c1965aa7992974

  • SHA256

    cfe125f36d37de26cd3d2003ca27710e67ea988c30bfa3a83b86a56cc1f35e6e

  • SHA512

    38942b9965445b68e997c34be7b17ced7461f2a290bb633cbcaf95f1cd7b97fb9ae168664174c712b79d866bc5a366395c31bc4548cbb0cda5b98c2fbe28f8c2

  • SSDEEP

    6144:djrovygY18ZTb218VhPMeaHd7mKo5x12zELLWHicDwxEMGwBMxCtiozL7z3:Dy5hPMeaHro5x5c8xEMGwpXX

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/fnstenv_mov

Targets


    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies security service

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
