General

  • Target

    a80e3f09dc0932cf79156b7d759a523a6f00ece6c137dfbc2fdd6d018b30eb2a

  • Size

    1.8MB

  • Sample

    240120-x8h2eafcfr

  • MD5

    ed31d7f934d49a6703eb7fd798ca3aff

  • SHA1

    10629cb657cb00ab943e013bde2ed194982781e8

  • SHA256

    a80e3f09dc0932cf79156b7d759a523a6f00ece6c137dfbc2fdd6d018b30eb2a

  • SHA512

    2b602ee78841f6cfd5ed3c63992694a6851e29036406d601c5e498f7fed2f6b5c138ce2c13392fdc94faf4f6739429f867f26fc65e38804a34b4ba2c4f498b82

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO096OGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ12xJIiW0MbQxA

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Targets

    • Target

      a80e3f09dc0932cf79156b7d759a523a6f00ece6c137dfbc2fdd6d018b30eb2a

    • Size

      1.8MB

    • MD5

      ed31d7f934d49a6703eb7fd798ca3aff

    • SHA1

      10629cb657cb00ab943e013bde2ed194982781e8

    • SHA256

      a80e3f09dc0932cf79156b7d759a523a6f00ece6c137dfbc2fdd6d018b30eb2a

    • SHA512

      2b602ee78841f6cfd5ed3c63992694a6851e29036406d601c5e498f7fed2f6b5c138ce2c13392fdc94faf4f6739429f867f26fc65e38804a34b4ba2c4f498b82

    • SSDEEP

      24576:/3vLRdVhZBK8NogWYO096OGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ12xJIiW0MbQxA

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks