General

  • Target

    6c62e1c5e139124e75053b118c2cf26a

  • Size

    96KB

  • Sample

    240121-fd5s9aegen

  • MD5

    6c62e1c5e139124e75053b118c2cf26a

  • SHA1

    ff1c6fbe7e9bb27e5f767e06f9ff6422476c4d89

  • SHA256

    2e83c50921a3dd24722fc6199cb07b3a437224301156a559d686126441a3514c

  • SHA512

    d5a7191c110a6aa9fd229334332c67cbbc758a4a7ab02c43dbfc9161731c766b68af093da7ccec34a561b8f1bf557b1e74aa1423a268cd0c9f2120de4260d15d

  • SSDEEP

    1536:hEVZ6ZqyTYPxulloISgZyyKiTGojvDBN4SUMtrOI5VgZWv4lGLgBHcuaVRgrbl:ObyUwHVzZkeGojvLv7MI5Vgi482HcuWg

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      6c62e1c5e139124e75053b118c2cf26a

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
