General

  • Target

    0015ff099bfe6db3ad0140b89f6d950cf59510a16aa871be69d1fb77909078b0

  • Size

    5.0MB

  • Sample

    240117-lg8xzaddd4

  • MD5

    bd0707fba6e2afdcea44e9e926dd15d8

  • SHA1

    609b18501328fbf088d1f8e4135bf5f6777cecce

  • SHA256

    0015ff099bfe6db3ad0140b89f6d950cf59510a16aa871be69d1fb77909078b0

  • SHA512

    5f78957b673ab5fc57dcfc8450797c65c47b43236017dc551826667c012f939c744cbf374d1c37bb9c2d6245b0f7f7e95128795678b5c47e8c182b4e7a93a98d

  • SSDEEP

    49152:RX4YuvLkpJZficvhYKicHpdK0BiqhR7dYAMiJyujasIu7X+llMyXpx8aQ4gbVLOu:KNYk

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

104.194.78.162:9003

Targets

    • Target

      0015ff099bfe6db3ad0140b89f6d950cf59510a16aa871be69d1fb77909078b0

    • Size

      5.0MB

    • MD5

      bd0707fba6e2afdcea44e9e926dd15d8

    • SHA1

      609b18501328fbf088d1f8e4135bf5f6777cecce

    • SHA256

      0015ff099bfe6db3ad0140b89f6d950cf59510a16aa871be69d1fb77909078b0

    • SHA512

      5f78957b673ab5fc57dcfc8450797c65c47b43236017dc551826667c012f939c744cbf374d1c37bb9c2d6245b0f7f7e95128795678b5c47e8c182b4e7a93a98d

    • SSDEEP

      49152:RX4YuvLkpJZficvhYKicHpdK0BiqhR7dYAMiJyujasIu7X+llMyXpx8aQ4gbVLOu:KNYk

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks