General

  • Target

    7088fbce6590a3f1082137e127511d69

  • Size

    8.8MB

  • Sample

    240123-znmj7shefn

  • MD5

    7088fbce6590a3f1082137e127511d69

  • SHA1

    5d168ff707518821c86f3f0dea33553aec2a244a

  • SHA256

    91bdc2dbc42c8342ce107cef6dcbbf8c76d90283a69da3165f67cf19e1c44aeb

  • SHA512

    73927e598dd84fd92596db4b24be2e608dea434076c540d41f810f1e2cf53c82c1fe30a859215534d0abc9af8040b065319dbbc8ac46d21d3f49dc0295727f68

  • SSDEEP

    196608:sJuwS6TLCVe0mj/wvs/9sL1jcOytIsjTIImELIjHBAHH8Vz1pQVp:0LC3mIvbR8y08ImELWA8Vzg

Score
10/10

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

151.115.42.158:48277
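How a C2 like the one above is recovered from a windows/reverse_tcp stager, as an added example (not part of this report or of the sandbox's own extractor): Metasploit's x86 reverse_tcp stager builds its sockaddr_in with two immediate pushes, `push <ip>` then `push 0x<port>0002` (AF_INET followed by the port in network byte order), immediately followed by `mov esi, esp`. The script below scans a byte blob for that instruction sequence and decodes host and port. The stager bytes are constructed here; because this sample is wrapped in encoder/shikata_ga_nai, the pattern only matches after the decoder stub has run, i.e. against a memory dump or a decoded copy, not the file on disk.

```python
import ipaddress
import re
import struct

# Socket-address setup in Metasploit's x86 windows/reverse_tcp stager:
#   push <ip as imm32>      68 aa bb cc dd   (IPv4 octets in wire order)
#   push 0x<port>0002       68 02 00 pp pp   (AF_INET, then port big-endian)
#   mov  esi, esp           89 e6
REVERSE_TCP_SOCKADDR = re.compile(
    rb"\x68(?P<ip>.{4})\x68\x02\x00(?P<port>.{2})\x89\xe6", re.DOTALL
)


def extract_reverse_tcp_c2(blob: bytes) -> list[str]:
    """Return every host:port a decoded reverse_tcp stager in `blob` connects to."""
    hits = []
    for m in REVERSE_TCP_SOCKADDR.finditer(blob):
        ip = str(ipaddress.IPv4Address(m.group("ip")))  # 4 packed octets
        port = struct.unpack(">H", m.group("port"))[0]  # sin_port is big-endian
        hits.append(f"{ip}:{port}")
    return hits


def build_sockaddr_pushes(host: str, port: int) -> bytes:
    """Constructed test data: the two pushes plus mov esi,esp as msfvenom emits them."""
    return (
        b"\x68" + ipaddress.IPv4Address(host).packed
        + b"\x68\x02\x00" + struct.pack(">H", port)
        + b"\x89\xe6"
    )


# Constructed sample blob: a typical stager prologue (cld; call; pushad; mov ebp,esp),
# some filler, the sockaddr setup for the C2 in this report, then push 0x10/esi/edi.
SAMPLE_STAGER = (
    b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5"
    + b"\x90" * 8
    + build_sockaddr_pushes("151.115.42.158", 48277)
    + b"\x6a\x10\x56\x57"
)

if __name__ == "__main__":
    print(extract_reverse_tcp_c2(SAMPLE_STAGER))  # ['151.115.42.158:48277']
```

Run it over a process memory dump of the detonated sample to confirm the extracted C2 independently; a miss on the original file is expected, since shikata_ga_nai XOR-encodes the stager and the pattern only exists after decoding.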

Targets

    • Target

      7088fbce6590a3f1082137e127511d69

    • Size

      8.8MB

    • MD5

      7088fbce6590a3f1082137e127511d69

    • SHA1

      5d168ff707518821c86f3f0dea33553aec2a244a

    • SHA256

      91bdc2dbc42c8342ce107cef6dcbbf8c76d90283a69da3165f67cf19e1c44aeb

    • SHA512

      73927e598dd84fd92596db4b24be2e608dea434076c540d41f810f1e2cf53c82c1fe30a859215534d0abc9af8040b065319dbbc8ac46d21d3f49dc0295727f68

    • SSDEEP

      196608:sJuwS6TLCVe0mj/wvs/9sL1jcOytIsjTIImELIjHBAHH8Vz1pQVp:0LC3mIvbR8y08ImELWA8Vzg

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.
