General

  • Target

    7073233963ce007e7be62b37de5a9823

  • Size

    159KB

  • Sample

    240123-yxafkahbd9

  • MD5

    7073233963ce007e7be62b37de5a9823

  • SHA1

    3ad526d39525c940f7632790764e83285f40536c

  • SHA256

    622e4340431d18c7789dff02bdfdcfdc3db0450ba12c6ceaa9c5bca18f0499f2

  • SHA512

    ceccaf59906c78dc429919cbacc939cd2a6f450ecd5e532a5ed44989a7bae57348b9fc55d36b9316c95eb4bbe66809a184a06b15dbb0fdeeb7625ec532e34af1

  • SSDEEP

    3072:nrcBiVV+MJORyYlEkrKhojWFyj8Ins990tUZqxpqqHrR+ig8mYzo3Sg7:rRVVzJUEkrGojJIIs990tUZaqOK/

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Looks for VMWare Tools registry key

    • Deletes itself

    • Executes dropped EXE

    • Windows security modification

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks