General

  • Target

    6f835b6c3057fcc816392c3b72740345

  • Size

    232KB

  • Sample

    240122-m7bwlaeggj

  • MD5

    6f835b6c3057fcc816392c3b72740345

  • SHA1

    1101247576532083c6b3a87ff52fc9ccd588668a

  • SHA256

    55cea4bf97f08c33c864615a119c6b4ffc090069bbb7b4d64d2c7dd0e19dad59

  • SHA512

    a4d583ea616c8b0e48edc6b74b419ff637e2f8b29cc98179e76ecf08968b4fb56ac2b4ceb7cb45626f444a2157fe64f78037389bfe084c5e633e50977c1ec533

  • SSDEEP

    3072:BsLEbdIlxJ5SKlVgUtuN1OtH8OVtddjgctRSO8DjqmJxZSacqSt2PZgRvIL:CQSD3Nt1cE8XqmJnpPZce

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks