General

  • Target

    70c7860b65f1f5119858ce4f39b28e09

  • Size

    221KB

  • Sample

    240123-2xb6yabhhp

  • MD5

    70c7860b65f1f5119858ce4f39b28e09

  • SHA1

    7bf42148ddc7dc42c45f7e751c222f5f4ef1ce76

  • SHA256

    3d49c9eb5eb0e037bdd3de8a274c14db30a8b95924ff63853ed9e06ab9eaf2ef

  • SHA512

    d2ddce1a474fe26e285a2f239d0eb6b322c84092e1918805fe7422edbe73d65b427ebe84f5a2d9a2130759b0ac05c9f5cfcc629eb62e44aa3f4d2ab82c9dd973

  • SSDEEP

    6144:gVDw2XDUtI6h0hGARrVlHy03MEMnODW1AbLxWKX68MSk1WWW:gFVAtu/rx5BDW1yLxZk1WWW

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
