General

  • Target: 71013c2fbce711749e901cc6b5fe0c0f
  • Size: 135KB
  • Sample: 240124-a7tp7aeda2
  • MD5: 71013c2fbce711749e901cc6b5fe0c0f
  • SHA1: be5d6b9c138a51c6f499bc7d06748976d0e5dcc4
  • SHA256: 986596412c6e4db352271c12ac27c73670c13a00df86b41705a57a50e5219dd6
  • SHA512: d89e1aae58d277722be7244031ed1483ba12468e8afc3cb4aa7a174952f06b5480bb2dd7b2fa956035cc2d8b2ce1b69fabeae0b28babea60ddd0f8466b8fed12
  • SSDEEP: 3072:V9XcDDKwNu4FRk+yblof0BBT98ydHnb6gNPsudmPfTv8R:VMNuqRByef0BF98TkPVIHL

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/call4_dword_xor

Targets


    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory
