General

  • Target: 523d75144c7a7c4baf6bb4fc17d888a663a3ab060e2f1e4865a4efc9a72539f5
  • Size: 1.7MB
  • Sample: 240117-jcf1aaahfm
  • MD5: ce0bb05e5604dfaed9e05958612c4382
  • SHA1: 982a94bc8969e7cf3f88cb4f574be7c6b8ac4ff0
  • SHA256: 523d75144c7a7c4baf6bb4fc17d888a663a3ab060e2f1e4865a4efc9a72539f5
  • SHA512: 8fe2bff1ecb49502346c99efcf04d431be3bae0a9427d1a58cf42bb51602545e1d0cd188188f9af4936fee3b69d6853387244f58eabde056fe8e72b602dcc64d
  • SSDEEP: 49152:oeNIq8D4EAQ9+5/34BjIsC15/Gp4h1LC979wt6Fs:978sg+5f4BO15q4h1LC9Rwys

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/shell_reverse_tcp
  • C2: 104.194.78.162:4444

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks