General

  • Target

    70b01d8214ac8072450dc3ae35781095

  • Size

    512KB

  • Sample

    240123-13sv7sbaer

  • MD5

    70b01d8214ac8072450dc3ae35781095

  • SHA1

    821cbf7dc8e00b29d2105b945515e7f543f59c91

  • SHA256

    4fee0b5d7339bc9c76a1822054c4232bac7de07acfd59a1aed90fbfc07bc313d

  • SHA512

    af1705c746f80e09bcc146419966dd57b2e4ec301b2523cae5a5b9a6c9d348ed5f89ef4a4be21de64021bbe17071feb07153e38c7852e0cff41b3f8288c14b98

  • SSDEEP

    12288:EnulnLFMImjjyP5fds3Z1AHuSMpVK6FZTR5BjmsdTCANoXD:vBFuIy3Za3Mps4r3dTCKoXD

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      70b01d8214ac8072450dc3ae35781095

    • Size

      512KB

    • MD5

      70b01d8214ac8072450dc3ae35781095

    • SHA1

      821cbf7dc8e00b29d2105b945515e7f543f59c91

    • SHA256

      4fee0b5d7339bc9c76a1822054c4232bac7de07acfd59a1aed90fbfc07bc313d

    • SHA512

      af1705c746f80e09bcc146419966dd57b2e4ec301b2523cae5a5b9a6c9d348ed5f89ef4a4be21de64021bbe17071feb07153e38c7852e0cff41b3f8288c14b98

    • SSDEEP

      12288:EnulnLFMImjjyP5fds3Z1AHuSMpVK6FZTR5BjmsdTCANoXD:vBFuIy3Za3Mps4r3dTCKoXD

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks