General

  • Target

    6b45c38593797c17709b01d961c281f3

  • Size

    159KB

  • Sample

    240120-x9eelsfge3

  • MD5

    6b45c38593797c17709b01d961c281f3

  • SHA1

    71b18d3951cb231699b73c2be4bf754ee392f015

  • SHA256

    ea807431d203c41e846619faa0461d2de00a487f4952de498011764200c8fed5

  • SHA512

    36e94b140bc0681176b484ba53cbb590cec621260c3277514cb21d851ec0a5e4c1eab0dff6b7a30f24ebf92f8a1c2c529b3916623bf2d75e9eba7ed3c268ab38

  • SSDEEP

    3072:xYnnggQfMnTumSxStF1x+vzLAbHyCEY0VWr/JUBt5Vx:x6nggQfmntF1PD3ElVWrBoD

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks