General

  • Target: 6d50b80765be25fb693c82b1e1b64a0c
  • Size: 43KB
  • Sample: 240121-ppw5xscgar
  • MD5: 6d50b80765be25fb693c82b1e1b64a0c
  • SHA1: af6da1db2bf97f33d03f8931f38677fa42a86a94
  • SHA256: 29a01880e269ca6fc7d33d535ea9ee660f395253eb38d756e99f6452bb35ccc8
  • SHA512: a20a03f7d86dd3cd24dac928b74332c7e9ad3114e56eea7589cbd4cf8e4798d5b1e5ed22582e5129e518bb5d9657e90aca593c6ae52629bc5b12ce9dfbbc4a81
  • SSDEEP: 768:40hNv6tOXbX5faZByW8BzhkCYMnGwj4Xpuwo6UlMwSYqpIhSltu58nc:4ENv6krXtaZwBdT4Zu9/lXh2tu58c

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/call4_dword_xor

Targets

    • Target: aadrive32.exe
    • Size: 72KB
    • MD5: cd3858270caa405f3741202d793b0858
    • SHA1: 01e28df7eaa5b6b8b103fe66cb3a4e2e76be620a
    • SHA256: 19d39e213ed8c48c58881363637a7f58ad0bc1ddba3af8d82740f30ddd901603
    • SHA512: d7f26a670f4717a989f8dd4cb9e70b043766608b0786602d7e86eba9ac0584489af134a3b27ff0aff8ded98909d174a3d57b58d6728f63ffe3407476ac9a3f1b
    • SSDEEP: 1536:zoJkCmdlq4hIR1NtPgQl3q5MMC3fDL2ssYVBt41462MTaUMMnMMMMMQqvuOYQIYp:zLdlq4hINllqM3f/5UMMnMMMMMX7I7Da
    • MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.
    • Adds policy Run key to start application
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15