General

  • Target

    b38c50805347b551640cac5223de86b0f98e73fe7c786000411aae3517d6d583

  • Size

    3.6MB

  • Sample

    240122-zdjqkadeh3

  • MD5

    674273131768429eb76ae60b2c1b7b62

  • SHA1

    f107738be1d4a0c7306bbd7b21168093a1525244

  • SHA256

    b38c50805347b551640cac5223de86b0f98e73fe7c786000411aae3517d6d583

  • SHA512

    0826762c85337f767521c206c8f2232ea493f23f2f060a8f43c668b3b9c13b64b75b2d5adc6d6322b87b7b2fcbb859b4a02bc84652ab74381ee24f60fcc9db68

  • SSDEEP

    98304:HTyXLwBG1SqaMx+Ww1hWP0DG7nYKk5qt:HTBACwwDDI9iq

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.223.130:1453
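How a C2 like the one above is recovered from an unencoded windows/shell_reverse_tcp stager, as an added example that is not part of the sandbox report and not Metasploit's or the sandbox's own code. It relies on the byte layout of Metasploit's reverse_tcp stager blocks: the x86 stager builds its sockaddr_in with two PUSH imm32 instructions (IP, then AF_INET plus port), the x64 stager with one MOV r12, imm64 holding the whole 8-byte sockaddr. The input bytes below are constructed for the example, not taken from the reported file, and the extractor assumes the stager is not encoded.

```python
"""Recover the reverse_tcp C2 from a Metasploit-style stager (added example)."""
from __future__ import annotations

import ipaddress
import re
import socket
import struct

# x86 set_address block:  push <ip>  ;  push <AF_INET | port>
#   68 <ip, 4 bytes as stored>   68 02 00 <port, big-endian>
X86_SOCKADDR = re.compile(rb"\x68(.{4})\x68\x02\x00(.{2})", re.DOTALL)

# x64 set_address block:  mov r12, imm64  (sockaddr_in as one immediate)
#   49 BC 02 00 <port, big-endian> <ip, 4 bytes>
X64_SOCKADDR = re.compile(rb"\x49\xbc\x02\x00(.{2})(.{4})", re.DOTALL)


def extract_reverse_tcp_c2(blob: bytes) -> list[tuple[str, str, int]]:
    """Return (arch, ip, port) for every stager-style sockaddr found in blob."""
    hits: list[tuple[str, str, int]] = []
    for m in X86_SOCKADDR.finditer(blob):
        ip, port = socket.inet_ntoa(m.group(1)), struct.unpack(">H", m.group(2))[0]
        hits.append(("x86", ip, port))
    for m in X64_SOCKADDR.finditer(blob):
        ip, port = socket.inet_ntoa(m.group(2)), struct.unpack(">H", m.group(1))[0]
        hits.append(("x64", ip, port))
    # 0.0.0.0 or port 0 can never be a usable callback: treat as false positives
    return [h for h in hits if h[1] != "0.0.0.0" and h[2] != 0]


def is_private_ipv4(ip: str) -> bool:
    """True for RFC 1918 / loopback / link-local addresses (a lab build, not a live operator)."""
    return ipaddress.ip_address(ip).is_private


# Constructed stand-ins for the stager's set_address block (not bytes from the sample).
SAMPLE_X86 = (
    b"\x90" * 8
    + b"\x68\xc0\xa8\xdf\x82"   # push 0x82DFA8C0 -> 192.168.223.130
    + b"\x68\x02\x00\x05\xad"   # push 0xAD050002 -> AF_INET, port 0x05AD = 1453
    + b"\x89\xe6"               # mov esi, esp (pointer to the sockaddr)
    + b"\x90" * 8
)
SAMPLE_X64 = (
    b"\x90" * 8
    + b"\x49\xbc\x02\x00\x05\xad\xc0\xa8\xdf\x82"   # mov r12, sockaddr_in{AF_INET, 1453, 192.168.223.130}
    + b"\x41\x54"                                   # push r12
    + b"\x90" * 8
)


def main() -> None:
    for arch, ip, port in extract_reverse_tcp_c2(SAMPLE_X86 + SAMPLE_X64):
        print(f"{arch}: {ip}:{port}  private={is_private_ipv4(ip)}")


if __name__ == "__main__":
    main()
```

Run it as-is to see both constructed stagers decode to 192.168.223.130:1453. The address is RFC 1918 space, so this sample calls back into a private network: it is a lab or test build, and the IP and port are not usable as network IOCs outside that environment. For a real PE, run the extractor over the whole file or over a memory dump taken after any unpacking, since an encoded stager will not contain the raw sockaddr bytes.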

Targets

    • Target

      b38c50805347b551640cac5223de86b0f98e73fe7c786000411aae3517d6d583

    • Size

      3.6MB

    • MD5

      674273131768429eb76ae60b2c1b7b62

    • SHA1

      f107738be1d4a0c7306bbd7b21168093a1525244

    • SHA256

      b38c50805347b551640cac5223de86b0f98e73fe7c786000411aae3517d6d583

    • SHA512

      0826762c85337f767521c206c8f2232ea493f23f2f060a8f43c668b3b9c13b64b75b2d5adc6d6322b87b7b2fcbb859b4a02bc84652ab74381ee24f60fcc9db68

    • SSDEEP

      98304:HTyXLwBG1SqaMx+Ww1hWP0DG7nYKk5qt:HTBACwwDDI9iq

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
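What the two file-system signatures above amount to when derived from an API trace, as an added example that is not the sandbox's own rule set: touching a drive root other than C:\ counts as drive enumeration, and a WriteFile landing in the first 512 bytes of a physical drive that was opened with write access counts as an MBR write. The trace format (a list of dicts with the API name and the arguments the check needs) and every event in the sample traces are constructed for this example.

```python
"""Approximate 'Enumerates connected drives' and 'Writes to the MBR' from an API trace (added example)."""
from __future__ import annotations

GENERIC_READ = 0x80000000
GENERIC_WRITE = 0x40000000
MBR_SIZE = 512          # the MBR is the first sector of the disk

SIG_DRIVES = "Enumerates connected drives"
SIG_MBR = "Writes to the Master Boot Record (MBR)"


def is_drive_root(path: str) -> bool:
    """True for 'D:\\' or 'D:/' style paths: one drive letter, root only."""
    return len(path) == 3 and path[0].isalpha() and path[1] == ":" and path[2] in "\\/"


def is_physical_drive(path: str) -> bool:
    """True for raw disk device paths such as \\\\.\\PhysicalDrive0."""
    return path.upper().startswith(r"\\.\PHYSICALDRIVE")


def detect_fs_signatures(trace: list[dict]) -> set[str]:
    """Replay the trace and return the set of signature names it triggers."""
    hits: set[str] = set()
    drive_handles: dict[int, int] = {}   # writable raw-disk handle -> current file offset
    for ev in trace:
        api, path = ev["api"], ev.get("path", "")
        if api in ("CreateFileW", "CreateFileA"):
            if is_physical_drive(path) and ev["access"] & GENERIC_WRITE:
                drive_handles[ev["handle"]] = 0          # opened for writing; track offset
            elif is_drive_root(path) and path[0].upper() != "C":
                hits.add(SIG_DRIVES)
        elif api in ("GetDriveTypeW", "GetFileAttributesW", "GetVolumeInformationW"):
            if is_drive_root(path) and path[0].upper() != "C":
                hits.add(SIG_DRIVES)
        elif api == "SetFilePointerEx" and ev["handle"] in drive_handles:
            drive_handles[ev["handle"]] = ev["offset"]
        elif api == "WriteFile" and ev["handle"] in drive_handles:
            offset = drive_handles[ev["handle"]]
            if offset < MBR_SIZE:                         # write overlaps sector 0
                hits.add(SIG_MBR)
            drive_handles[ev["handle"]] = offset + ev["length"]
        elif api == "CloseHandle":
            drive_handles.pop(ev["handle"], None)
    return hits


# Constructed traces (not from the sandbox run): one bootkit-like, one benign.
SAMPLE_TRACE = [
    {"api": "GetDriveTypeW", "path": "C:\\"},                       # default drive: ignored
    {"api": "GetDriveTypeW", "path": "D:\\"},                       # other root: enumeration
    {"api": "CreateFileW", "path": "C:\\Users\\Public\\log.txt",
     "access": GENERIC_WRITE, "handle": 0x1A0},
    {"api": "WriteFile", "handle": 0x1A0, "length": 64},            # ordinary file, not a disk
    {"api": "CreateFileW", "path": "\\\\.\\PhysicalDrive0",
     "access": GENERIC_READ | GENERIC_WRITE, "handle": 0x1C4},
    {"api": "SetFilePointerEx", "handle": 0x1C4, "offset": 0},
    {"api": "WriteFile", "handle": 0x1C4, "length": 512},           # overwrites sector 0
    {"api": "CloseHandle", "handle": 0x1C4},
]

BENIGN_TRACE = [
    {"api": "GetDriveTypeW", "path": "C:\\"},
    {"api": "CreateFileW", "path": "\\\\.\\PhysicalDrive0",
     "access": GENERIC_READ, "handle": 0x1C4},                      # read-only open (e.g. inventory tool)
    {"api": "ReadFile", "handle": 0x1C4, "length": 512},
    {"api": "CloseHandle", "handle": 0x1C4},
]


def main() -> None:
    print("sample:", sorted(detect_fs_signatures(SAMPLE_TRACE)))
    print("benign:", sorted(detect_fs_signatures(BENIGN_TRACE)))


if __name__ == "__main__":
    main()
```

The offset bookkeeping is the part that matters: a raw-disk open by itself is common in inventory and backup tools, so the rule only fires when a write reaches sector 0 on a handle opened with write access, and a read-only open of the same device stays silent.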

MITRE ATT&CK Enterprise v15

Tasks