General

  • Target

    6b3ac0ce537ec531f56279aebe062daf

  • Size

    169KB

  • Sample

    240120-xwrg1sfeb2

  • MD5

    6b3ac0ce537ec531f56279aebe062daf

  • SHA1

    ff71967a7d5a21f456369c03ae094d11ed02f59a

  • SHA256

    580579da2c0123f22bab25c0caabcf89e725100861df555c69a37a60c8912424

  • SHA512

    62810949b5455f251a64f1ce8724b51e2e75f01596e82750cf5b523bb48a9ce90aa907d662c53a833f702c3f6dba4eb13cdc3edeb850e889fc973526879c45e4

  • SSDEEP

    3072:aye9ozJAq+iusjLrpzMm1ZeGLoMT8ZpomXAk0kQuZ/YbF9hUX:Ve9oNdjLrEWTbm5T7ZcSX

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      6b3ac0ce537ec531f56279aebe062daf

    • Size

      169KB

    • MD5

      6b3ac0ce537ec531f56279aebe062daf

    • SHA1

      ff71967a7d5a21f456369c03ae094d11ed02f59a

    • SHA256

      580579da2c0123f22bab25c0caabcf89e725100861df555c69a37a60c8912424

    • SHA512

      62810949b5455f251a64f1ce8724b51e2e75f01596e82750cf5b523bb48a9ce90aa907d662c53a833f702c3f6dba4eb13cdc3edeb850e889fc973526879c45e4

    • SSDEEP

      3072:aye9ozJAq+iusjLrpzMm1ZeGLoMT8ZpomXAk0kQuZ/YbF9hUX:Ve9oNdjLrEWTbm5T7ZcSX

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks