General

  • Target: 61e54989f6ac2aea6910d41776c24a66

  • Size: 366KB

  • Sample: 240117-gkzfgsaee6

  • MD5: 61e54989f6ac2aea6910d41776c24a66

  • SHA1: e4d609ba221fe9702432a59d07da1ee458fd72cd

  • SHA256: 199bf3de824069fd794e61f830bd5a000f1b722d4344e9481c47a8f12d7684d0

  • SHA512: 546b4e9547be159f4af14dc61ea2ff28437f6d1cc2c623061866414d558a37c7e1f1265878a75c3d9a451d838db559562af9cc2c984f8423c000db9942ffe0a9

  • SSDEEP: 6144:dUjbqpJZ/x77j/jRbbnYy8upJ+8h5g5qqCGq1K2HD2EzsET8p2r4pnZgZNm7wni:dUipX/tbtbbX8uz+qg5qV0CFzsE9roZr

Malware Config

Extracted

  • Family: metasploit

  • Version: encoder/fnstenv_mov

Targets

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
