General

  • Target

    6edc093990915b0abb5dba3fc74b2865

  • Size

    168KB

  • Sample

    240122-gbjcxaheen

  • MD5

    6edc093990915b0abb5dba3fc74b2865

  • SHA1

    c2c90318513b04cfcc90fd4eb4338d1ea22b67f3

  • SHA256

    20621716fb9682a544cfb8e34aa92cf14221d9b752657c7cf98500e93ca4ff2b

  • SHA512

    655bf08e34ecb686281fc9401a73ffd659d04f70bf0cea60a77379d7ee2c3047bcd82dfffd10d06d4ee98b0038d8824769104cda90d805726207fa73716738c1

  • SSDEEP

    3072:nS64Tw1Wftp52Oc8MqGElZa/KA7hfK+cQZFXRtY/SuE8ku+OIW1U3Ztz9BQ8Es:6w1Wfq89GElZgK0hStkF7aS18F+ODSp1

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
