General

  • Target

    61720480948ef6fd675ab4bdf7523883

  • Size

    480KB

  • Sample

    240117-cdltlafeg2

  • MD5

    61720480948ef6fd675ab4bdf7523883

  • SHA1

    4c73a59d3e669816cd1651fe2330532149065abd

  • SHA256

    9505971f4637450dca608b07a5008bc2f3ec16d8bb3ca59c4ed8719da232f789

  • SHA512

    432c6b2394c8494e4ad3423c52bf75e99b980ae2b929197c4f6065979909c1447036ee7e5fa6f63e32c9092c9015643ee74bde88e122033b8f16268f6ff8eee1

  • SSDEEP

    6144:VNi0C7+KQ8ISTJ4/FmdYBxT9FzbHc31pLYm4Kf0Y35iZZSHCX61Hs0yqFf42vMJu:biz/IMaNBxa/9iCnCJqxLvf2KnLd9

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory
