General

  • Target

    6cbd762b7b7d9a844a015476af539b6e

  • Size

    288KB

  • Sample

    240121-jjcw7shde4

  • MD5

    6cbd762b7b7d9a844a015476af539b6e

  • SHA1

    f1e871235051695c286e20e1d18ade08f26d7a2a

  • SHA256

    bb37528d1b84d5c8102dca14e5082e9a8b70d49872c9cb0280cb724f13906e3f

  • SHA512

    c5de15ebf6b203e6861d0f3a1f3cc7421198ea21050184a18fd5a69c711111de1e5eaab6de0f1309cea5b1a8964a67a9019efb2b0cc758f9a6d2582655a3d565

  • SSDEEP

    6144:tvBKHKJHUziYCzK51nMTjJKuXTBKsAhcSUvVBknR:tvBKHKJU+YCzK51MTEuXTJ0wsR

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      6cbd762b7b7d9a844a015476af539b6e

    • Size

      288KB

    • MD5

      6cbd762b7b7d9a844a015476af539b6e

    • SHA1

      f1e871235051695c286e20e1d18ade08f26d7a2a

    • SHA256

      bb37528d1b84d5c8102dca14e5082e9a8b70d49872c9cb0280cb724f13906e3f

    • SHA512

      c5de15ebf6b203e6861d0f3a1f3cc7421198ea21050184a18fd5a69c711111de1e5eaab6de0f1309cea5b1a8964a67a9019efb2b0cc758f9a6d2582655a3d565

    • SSDEEP

      6144:tvBKHKJHUziYCzK51nMTjJKuXTBKsAhcSUvVBknR:tvBKHKJU+YCzK51MTEuXTJ0wsR

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks