General

  • Target

    6e2ee4f2fb68cc5169594dc840eaa398

  • Size

    387KB

  • Sample

    240122-aarvbscfh6

  • MD5

    6e2ee4f2fb68cc5169594dc840eaa398

  • SHA1

    46ca1fa3d3305a71f45ab9811c333d7da804beb8

  • SHA256

    121a71d2d2e648797d46e361bc5c6d9a791f768ae9296d7152f055373f318742

  • SHA512

    84ae5e753c0f6f334d388547e916b87653f34763cda9c6c3614d66b9bc8efc536d0fac745ff1c11a092fbccc22b6a717e933c7327ac720a416ab109a583811d5

  • SSDEEP

    12288:9X20TpWzHwqTfxZs0BFB7/gjQNIEDlFvtt+stn:9X20VWzwKfxe2FG/WlNtbn

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

(The config extractor reports the Metasploit encoder in this field rather than a framework version: x86/fnstenv_mov, the "Variable-length Fnstenv/mov Dword XOR Encoder". Its decoder stub recovers its own address with the fnstenv instruction, loads a 32-bit key with a mov, and XORs the payload back into place a dword at a time, so the stored sample is not the raw payload and must be decoded before static analysis of the payload itself.)
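The two things an analyst wants from that config entry are a way to spot the fnstenv GetPC prologue in a blob and a way to undo the XOR-additive-feedback encoding. The following Python is an added example for this page, not the sandbox's extractor or Metasploit's code. It assumes the scheme used by Metasploit's XOR-additive-feedback encoders (each dword is XORed with a running key, and the key is then advanced by adding the decoded dword); the 27-byte decoder stub it builds is a self-consistent illustration, not Metasploit's exact byte layout, and the sample blob and key are constructed here.

```python
import struct

MASK32 = 0xFFFFFFFF

# fnstenv [esp-0xc] (d9 74 24 f4) stores the x87 environment 12 bytes below
# esp, so the saved FPU instruction pointer (address of the preceding x87
# instruction, fldz = d9 ee) lands at [esp] and the next pop retrieves it.
FNSTENV = bytes.fromhex("d97424f4")


def find_fnstenv_getpc(buf: bytes) -> list:
    """Offsets of an x87 instruction immediately followed by fnstenv [esp-0xc]."""
    hits, start = [], 0
    while True:
        i = buf.find(FNSTENV, start)
        if i < 0:
            return hits
        # Any x87 escape opcode (D8..DF) two bytes earlier counts; fldz is D9 EE.
        if i >= 2 and 0xD8 <= buf[i - 2] <= 0xDF:
            hits.append(i - 2)
        start = i + 1


def extract_mov_key(buf: bytes, getpc_off: int, window: int = 16):
    """Find 'mov r32, imm32' (B8..BF) shortly after the prologue; return (key, reg).
    Assumption for this example: the stub loads its XOR key with that mov."""
    lo = getpc_off + 6
    for i in range(lo, min(lo + window, len(buf) - 4)):
        if 0xB8 <= buf[i] <= 0xBF:
            return struct.unpack_from("<I", buf, i + 1)[0], buf[i] - 0xB8
    return None


def xaf_encode(plain: bytes, key: int) -> bytes:
    """XOR-additive feedback: c_i = p_i ^ k_i, then k_{i+1} = (k_i + p_i) mod 2^32.
    Padding to a dword boundary with 0x90 is a choice made here."""
    if len(plain) % 4:
        plain = plain + b"\x90" * (4 - len(plain) % 4)
    out = bytearray()
    for i in range(0, len(plain), 4):
        p = struct.unpack_from("<I", plain, i)[0]
        out += struct.pack("<I", p ^ key)
        key = (key + p) & MASK32
    return bytes(out)


def xaf_decode(enc: bytes, key: int) -> bytes:
    """Inverse of xaf_encode; trailing bytes short of a dword are ignored."""
    out = bytearray()
    for i in range(0, len(enc) - len(enc) % 4, 4):
        p = struct.unpack_from("<I", enc, i)[0] ^ key
        out += struct.pack("<I", p)
        key = (key + p) & MASK32
    return bytes(out)


# Illustrative 27-byte decoder stub (esi = address of fldz after the pop):
#   00 d9 ee           fldz
#   02 d9 74 24 f4     fnstenv [esp-0xc]
#   06 5e              pop esi
#   07 b8 KK KK KK KK  mov eax, key
#   0c 31 c9           xor ecx, ecx
#   0e b1 NN           mov cl, nblocks
#   10 31 46 1b        xor [esi+0x1b], eax   ; decode one dword of the body
#   13 83 ee fc        sub esi, -4           ; advance without a NUL byte
#   16 03 46 17        add eax, [esi+0x17]   ; feed decoded dword into the key
#   19 e2 f5           loop 0x10
#   1b                 encoded body follows
STUB_TAIL = bytes.fromhex("31461b83eefc034617e2f5")
STUB_LEN = 27


def build_sample(plain: bytes, key: int, reg: int = 0) -> bytes:
    """Constructed stand-in for an fnstenv_mov-encoded blob."""
    body = xaf_encode(plain, key)
    stub = (bytes.fromhex("d9ee") + FNSTENV + b"\x5e"
            + bytes([0xB8 + reg]) + struct.pack("<I", key)
            + b"\x31\xc9" + b"\xb1" + bytes([len(body) // 4]) + STUB_TAIL)
    assert len(stub) == STUB_LEN
    return stub + body


def triage(buf: bytes):
    """Locate the prologue, pull the key from the mov imm32, decode the body."""
    for off in find_fnstenv_getpc(buf):
        found = extract_mov_key(buf, off)
        if found is None:
            continue
        key, reg = found
        return {"getpc_offset": off, "key": key, "reg": reg,
                "decoded": xaf_decode(buf[off + STUB_LEN:], key)}
    return None


# Constructed sample: padding, the stub, then an ASCII stand-in for shellcode.
SAMPLE_PLAIN = b"constructed-test-shellcode-stand-in!"
SAMPLE_KEY = 0xDEADBEEF
SAMPLE = b"\x90" * 8 + build_sample(SAMPLE_PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Against a real sample the prologue search is the dependable part (the d9 74 24 f4 sequence is shared with shikata_ga_nai, which precedes it with a random FPU instruction rather than fldz); the key offset and body offset must be read from the actual stub bytes rather than the illustrative constants above.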

Targets

    • Target

      6e2ee4f2fb68cc5169594dc840eaa398

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies security service

    • Checks computer location settings

      Reads the country (GeoID) configured for the user in the registry, a common geofencing check used to avoid running in certain locales.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      The executable is packed with the open-source UPX packer or a modified build of it. Stock UPX leaves UPX0/UPX1 section names and a "UPX!" marker; modified builds commonly rename the sections and strip the marker, so the static sample should be unpacked (or dumped from memory) before the payload is examined.

    • Drops file in System32 directory
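The structural check behind the UPX verdict above, as an added example (not the sandbox's own signature logic): parse the PE section table, test the strong indicators (UPX0/UPX1 names, the "UPX!" marker) and fall back to the layout a modified UPX build still needs, a first section that is empty on disk but large and writable-plus-executable in memory. The PE images and their section values are constructed here and are not loadable binaries; the marker's position is arbitrary.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX_MASK = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE


def pe_sections(data: bytes) -> list:
    """Section table of a PE image as [(name, virtual_size, raw_size, characteristics)]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER (40 bytes each)
    out = []
    for i in range(nsec):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        out.append((name, vsize, rsize, chars))
    return out


def upx_indicators(data: bytes) -> dict:
    """The checks behind a 'UPX packed' verdict, strongest first."""
    secs = pe_sections(data)
    names = [s[0] for s in secs]
    upx_names = "UPX0" in names and "UPX1" in names
    marker = b"UPX!" in data
    # Stock UPX's first section is the unpacking destination: no bytes on disk,
    # a large virtual size, writable and executable.  Renaming sections and
    # stripping "UPX!" does not remove the need for this hollow RWX region.
    hollow_rwx_first = (bool(secs) and secs[0][2] == 0 and secs[0][1] > 0
                        and (secs[0][3] & RWX_MASK) == RWX_MASK)
    return {"sections": names, "upx_names": upx_names, "upx_marker": marker,
            "hollow_rwx_first": hollow_rwx_first,
            "verdict": upx_names or marker or hollow_rwx_first}


def build_pe(sections, marker: bool = True) -> bytes:
    """Minimal PE32 header set (not loadable) carrying the given section table."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                          # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table = b"".join(
        name.encode().ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", v, 0x1000, r, 0, 0, 0, 0, 0, c)
        for name, v, r, c in sections)
    img = dos + b"PE\0\0" + coff + opt + table
    if marker:
        img += b"\0" * 16 + b"UPX!" + b"\0" * 16   # placement is arbitrary here
    return img


# Constructed samples: stock UPX layout, an unpacked binary, and a "modified UPX"
# build with renamed sections and the marker stripped.
PACKED = build_pe([("UPX0", 0x20000, 0, 0xE0000080),
                   ("UPX1", 0x8000, 0x7E00, 0xE0000040),
                   (".rsrc", 0x1000, 0x200, 0xC0000040)])
CLEAN = build_pe([(".text", 0x4000, 0x4000, 0x60000020),
                  (".data", 0x1000, 0x200, 0xC0000040)], marker=False)
RENAMED = build_pe([(".x0", 0x20000, 0, 0xE0000080),
                    (".x1", 0x8000, 0x7E00, 0xE0000040)], marker=False)

if __name__ == "__main__":
    for label, img in ("packed", PACKED), ("clean", CLEAN), ("renamed", RENAMED):
        print(label, upx_indicators(img))
```

The hollow-first-section heuristic is weaker evidence than the names or the marker (other packers and some hand-built loaders produce the same shape), which is why the result reports each indicator separately rather than only a single verdict.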

MITRE ATT&CK Enterprise v15

Tasks