General

  • Target

    6dd2c71fa4b1627af5f2f5c2297114c9

  • Size

    174KB

  • Sample

    240121-x1hexahca6

  • MD5

    6dd2c71fa4b1627af5f2f5c2297114c9

  • SHA1

    a5d3e31ba83afab3d5fd7f2155632e1384fcdefb

  • SHA256

    544c6fb7cd6551ed69623b5f1f728b46e20e183e871328bbb731988602bcb1ba

  • SHA512

    8fe0586578b7ca04374d7c4d1107cc2aa55cc804a6cabeddcda9487322a3495d101c74e40bfe3bd50db4303931012ef59eac55f476ce37d8a978b0ce055b4ee3

  • SSDEEP

    3072:w6V2H12f5cNyF5N9ntJrS1/dSnILItdzk1+3nyyicvT0ycrE8H+Q+Ya8x:WH1dutVnILkzOyzApx

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      6dd2c71fa4b1627af5f2f5c2297114c9

    • Size

      174KB

    • MD5

      6dd2c71fa4b1627af5f2f5c2297114c9

    • SHA1

      a5d3e31ba83afab3d5fd7f2155632e1384fcdefb

    • SHA256

      544c6fb7cd6551ed69623b5f1f728b46e20e183e871328bbb731988602bcb1ba

    • SHA512

      8fe0586578b7ca04374d7c4d1107cc2aa55cc804a6cabeddcda9487322a3495d101c74e40bfe3bd50db4303931012ef59eac55f476ce37d8a978b0ce055b4ee3

    • SSDEEP

      3072:w6V2H12f5cNyF5N9ntJrS1/dSnILItdzk1+3nyyicvT0ycrE8H+Q+Ya8x:WH1dutVnILkzOyzApx

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks