General

  • Target

    6b9828ca9587d5bdea51ce6608623e588ca6851c7f78c83d5d399637a3f7bbc7

  • Size

    3.0MB

  • Sample

    240117-g967mabac8

  • MD5

    2e4886eca495e5e120c96b826f131c3d

  • SHA1

    7f4b1cf46745562dc46bcd012082b017c52f99d5

  • SHA256

    6b9828ca9587d5bdea51ce6608623e588ca6851c7f78c83d5d399637a3f7bbc7

  • SHA512

    4cd939b4142576a043991e7705771fbee3ce2fd133e5c8bd34558226114bce929a831cacb4afc3fbfa43e0a6bdbea7d1dd5af889f95a07f282792e44fdcbc082

  • SSDEEP

    49152:0HxO2TIGghH+hkDFyTrEAfBQwMh6Qe7VLOhI:E3wN

Malware Config

  • Extracted

    Family: metasploit
    Version: encoder/shikata_ga_nai

  • Extracted

    Family: metasploit
    Version: windows/reverse_tcp
    C2: 104.194.78.162:9003

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks