General

  • Target

    met.ps1

  • Size

    243B

  • Sample

    240123-p2djcaaddq

  • MD5

    d619504e1401d57ccdbbafc98e203b12

  • SHA1

    a4b103bddb7f874f5337922c9f5750e188b8164d

  • SHA256

    5de9e52d170a6c62c8ea81dc8347ef8d12f2141691aa73cb6a5e8e2b9624c761

  • SHA512

    ee9c28fbc8b0cb969edd0b84f6f302ba542eddcaef37eaacf3f0fd28299fa8a7aa0b7ac54d16c3fb653e661f8c5e244e90aab4bee4916056cef5e2d985cd4026

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: http://165.22.23.200:8000/met.dll

Extracted

  • Family

    metasploit

  • Version

    metasploit_stager

  • C2

    165.22.23.200:65443

Targets

    • Target

      met.ps1

    • Size

      243B

    • MD5

      d619504e1401d57ccdbbafc98e203b12

    • SHA1

      a4b103bddb7f874f5337922c9f5750e188b8164d

    • SHA256

      5de9e52d170a6c62c8ea81dc8347ef8d12f2141691aa73cb6a5e8e2b9624c761

    • SHA512

      ee9c28fbc8b0cb969edd0b84f6f302ba542eddcaef37eaacf3f0fd28299fa8a7aa0b7ac54d16c3fb653e661f8c5e244e90aab4bee4916056cef5e2d985cd4026

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

MITRE ATT&CK Matrix

Tasks