General

  • Target

    6b3b4679182040e77315ac6391efb533

  • Size

    239KB

  • Sample

    240120-xxa7esfaek

  • MD5

    6b3b4679182040e77315ac6391efb533

  • SHA1

    34d6d94a3155e104ac5e0a9c236971d202e4309e

  • SHA256

    768306c403ad3005c50faff01798339242c204d36e39c922248d7d0e30834abf

  • SHA512

    5956fa3e2251a07a285c5030e2a8c5c7c19066b86e8146957dcec0d69d4e23fb7c68970e94b8a5e5e6a3e94b553483d58946fec5e99ea66fd9f775fc86c5f3d3

  • SSDEEP

    6144:nWD/lbx4dWyeFLWwEUQkPZet+UyaG91YHTIJfBizQH:nK/lbGItvEhkPZKG9eHTIJIkH
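The hashes above identify the artifact. The following Python is an added example, not part of the sandbox report: it checks a local file against those reported digests and then independently looks for the UPX markers behind the "UPX packed file" verdict listed further down, by walking the PE section table. The PE offsets used are the documented header layout; build_fake_pe() is a constructed stand-in, not a real executable, so the check can be exercised offline. ssdeep is not computed because it needs a third-party library.

```python
"""Triage helper: confirm a file matches the report's hashes and look for
UPX packer markers in its PE section table.

Added example, not code from the sandbox report. The digests below are the
ones the report prints; build_fake_pe() is a constructed test fixture.
"""
import hashlib
import struct
import sys

# Digests as printed in the report's General block.
REPORTED = {
    "md5": "6b3b4679182040e77315ac6391efb533",
    "sha1": "34d6d94a3155e104ac5e0a9c236971d202e4309e",
    "sha256": "768306c403ad3005c50faff01798339242c204d36e39c922248d7d0e30834abf",
    "sha512": "5956fa3e2251a07a285c5030e2a8c5c7c19066b86e8146957dcec0d69d4e23fb"
              "7c68970e94b8a5e5e6a3e94b553483d58946fec5e99ea66fd9f775fc86c5f3d3",
}


def hash_file(data):
    """Return {algorithm: hexdigest} for every algorithm in REPORTED."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def matches_report(data, reported=REPORTED):
    """True only if every reported digest matches; one mismatch is enough to reject."""
    got = hash_file(data)
    return all(got[name] == value for name, value in reported.items())


def pe_section_names(data):
    """Section names of a PE image, or [] if the buffer is not a PE file.

    Layout: 'MZ' header, e_lfanew at 0x3C -> 'PE\\0\\0', then the 20-byte COFF
    header (NumberOfSections at +2, SizeOfOptionalHeader at +16), then the
    optional header, then 40-byte section entries whose first 8 bytes are the name.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    if coff + 20 > len(data):
        return []
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(nsections):
        entry = table + 40 * i
        if entry + 40 > len(data):
            break  # truncated section table: report what was readable
        names.append(data[entry:entry + 8].rstrip(b"\0").decode("latin-1"))
    return names


def upx_indicators(data):
    """UPX markers: UPX* section names and the 'UPX!' stamp.

    Both are trivially renamed by a modified packer, so a negative result only
    means the stock markers are absent, not that the file is unpacked.
    """
    sections = [n for n in pe_section_names(data) if n.upper().startswith("UPX")]
    magic = b"UPX!" in data
    return {"sections": sections, "upx_magic": magic,
            "likely_upx": bool(sections) or magic}


def build_fake_pe(section_names, opt_header_size=0):
    """Constructed minimal PE skeleton for offline tests; it does not run."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_header_size, 0x102)        # i386, N sections
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(hdr) + b"PE\0\0" + coff + b"\0" * opt_header_size + table


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read()
    print("matches report:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("upx:", upx_indicators(blob))
```

Run it as python triage.py sample.bin on the file you pulled from the sandbox; a hash mismatch means you are not looking at the artifact this report describes, and a positive UPX result means the encoder stub and the rest of the behaviour below live inside the packed layer until you unpack it.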

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor (this is not a version number: the extractor reports the Metasploit shellcode encoder the payload was run through, x86/call4_dword_xor, which XORs the payload four bytes at a time with a fixed key and prepends a short decoder stub that finds its own address with a call $+4 trick)

Targets

    • Target

      6b3b4679182040e77315ac6391efb533

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

Detects executables packed with the open-source UPX packer or a modified build of it. Packing keeps the real code out of reach of static scanning, and the markers this signature keys on (UPX section names and the "UPX!" stamp) are easy to alter, so a clean result here does not prove the file is unpacked.

    • Maps connected drives based on registry

The sample reads drive information from the registry. Disk and volume details are commonly queried by malware to recognise sandboxes and virtual machines (unusually small or vendor-named virtual disks), so this can be evasion rather than functional behaviour.

    • Drops file in System32 directory
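The encoder named under Malware Config, x86/call4_dword_xor, prepends a fixed decoder stub to a payload that has been XORed one little-endian dword at a time with a four-byte key. The Python below is an added example, not code from the report or from Metasploit: it locates that stub by its invariant bytes, reads the loop count and the key out of it, and recovers the plaintext statically, with a small encoder of its own so the decoder can be tested offline. The stub bytes are the sequence the Metasploit encoder emits. Two things are assumptions: that the ecx prologue is the plain xor ecx,ecx / sub ecx,imm form (Metasploit can pick a different one to avoid bad characters), and, in build_stub(), that one loop iteration per dword is the right count, which is this example's choice for generating test input rather than a claim about Metasploit's exact expression. The sample payload is constructed.

```python
"""Static detection and decoding of Metasploit's x86/call4_dword_xor stub.

Added example, not code from the sandbox report or from Metasploit. The
encode()/build_stub() side exists only to produce test input; the loop count
it chooses (one iteration per dword) is this example's own assumption.
"""
import re
import struct

# Decoder stub as the encoder emits it (kk = 4-byte key, nn = negated count):
#   31 c9                 xor  ecx, ecx
#   83 e9 nn              sub  ecx, imm8      (81 e9 nn nn nn nn for imm32)
#   e8 ff ff ff ff        call $+4            ; re-enters on the last 0xff
#   ff c0                 inc  eax            ; that 0xff plus c0 decode as inc eax
#   5e                    pop  esi            ; esi = address after the call
#   81 76 0e kk kk kk kk  xor  dword [esi+0x0e], key   ; esi+0x0e = first payload dword
#   83 ee fc              sub  esi, -4
#   e2 f4                 loop                ; back to the xor
# Assumption: the plain xor/sub prologue. Extend the alternation if a stub
# from a bad-character-constrained build is missed.
STUB_RE = re.compile(
    rb"\x31\xc9(?:\x83\xe9(.)|\x81\xe9(....))"
    rb"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e(....)\x83\xee\xfc\xe2\xf4",
    re.DOTALL,
)


def find_stubs(buf):
    """Return [(payload_offset, dword_count, key)] for every stub found in buf."""
    hits = []
    for m in STUB_RE.finditer(buf):
        imm8, imm32, key = m.group(1), m.group(2), m.group(3)
        neg = struct.unpack("<b", imm8)[0] if imm8 else struct.unpack("<i", imm32)[0]
        hits.append((m.end(), -neg, struct.unpack("<I", key)[0]))
    return hits


def xor_dwords(data, key):
    """XOR every little-endian dword of data (len % 4 == 0) with key; its own inverse."""
    return b"".join(
        struct.pack("<I", struct.unpack("<I", data[i:i + 4])[0] ^ key)
        for i in range(0, len(data), 4)
    )


def decode(buf):
    """Decode the first call4_dword_xor payload in buf, or None if no stub is present."""
    hits = find_stubs(buf)
    if not hits:
        return None
    off, count, key = hits[0]
    body = buf[off:off + 4 * count]
    if len(body) != 4 * count:
        raise ValueError("stub loop count runs past the end of the buffer")
    return xor_dwords(body, key)


def build_stub(count, key):
    """Emit the stub for a payload of `count` dwords (this example's count choice)."""
    if 1 <= count <= 128:
        prologue = b"\x31\xc9\x83\xe9" + struct.pack("<b", -count)
    else:
        prologue = b"\x31\xc9\x81\xe9" + struct.pack("<i", -count)
    return (prologue + b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
            + struct.pack("<I", key) + b"\x83\xee\xfc\xe2\xf4")


def encode(payload, key):
    """Pad payload to a dword boundary with NULs, XOR it, prepend the stub."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    return build_stub(len(padded) // 4, key) + xor_dwords(padded, key)


# Constructed sample input: arbitrary bytes, not shellcode from the report.
SAMPLE_PAYLOAD = bytes(range(0x41, 0x52))
SAMPLE_KEY = 0x5EC0DE11

if __name__ == "__main__":
    blob = b"\x90" * 7 + encode(SAMPLE_PAYLOAD, SAMPLE_KEY)
    for off, n, k in find_stubs(blob):
        print(f"stub: payload at {off:#x}, {n} dwords, key {k:#010x}")
    print(decode(blob).hex())
```

Point find_stubs() at a raw dump of the payload region rather than the packed file: if the report's UPX verdict holds, the stub is only visible after unpacking, and if nothing matches on an unpacked dump, the prologue is one of the bad-character-avoiding variants and the regex needs that alternative added.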

MITRE ATT&CK Enterprise v15
