General

  • Target: 60ba015780f10db4a558f1a3dc9dcde1

  • Size: 90KB

  • Sample: 240116-yjmtqshfal

  • MD5: 60ba015780f10db4a558f1a3dc9dcde1

  • SHA1: cf207581e692558e0d16df0336e19bb81213882e

  • SHA256: c6fe11dd03c317ed96b8a2f526391080cb67c2b73a7f2cda0e0558262bf542d6

  • SHA512: 59a3d1f201cc057bf2983f7b30dd0f59cfcfee9f15f9552ea8141ec2685235c35f5e7092d7342d6f863051db66d8962fad3ff9bdad0f32dc64609001de989a5f

  • SSDEEP: 1536:CV2L4TiObEHyHvbnMKMH6dOI0gzzpHauYjM5CcujnIkRplsv:CVRbESP7M8Qjg9aXg2nIkrlsv

Malware Config

Extracted

  • Family: metasploit

  • Version: encoder/call4_dword_xor

Targets

    • Target: 60ba015780f10db4a558f1a3dc9dcde1

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks