General

  • Target

    hysfors.exe

  • Size

    7KB

  • Sample

    240122-c6fhaaefal

  • MD5

    7d6b7776f22725f3243703591047788d

  • SHA1

    28832497e392e267ddd8380af02b6c9e651364eb

  • SHA256

    b53b37a5d6609f40c61ed710042efc401b6e374eb8e43d0d6168cdbd3f6295da

  • SHA512

    146ad8f087ee6441c8a4e4f6672f0efbc732eb585b2f4dee2126fd8276517584e88615a2c442652bf06e321b5c64e1f6a2c865e63dca8409470aecf312580c81

  • SSDEEP

    24:eFGStrJ9u0/6FanZdkBQAV2oOxfYKZqxeNDMSCvOXpmB:is0MSkBQhxwvSD9C2kB

Malware Config

Extracted

  • Family

    metasploit

  • Version

    metasploit_stager

  • C2

    193.161.193.99:44039

Targets

    • Target

      hysfors.exe

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
