General

  • Target

    710d0f94bdbafa9c8fea31e1cee68ec3

  • Size

    138KB

  • Sample

    240124-bl13taegf8

  • MD5

    710d0f94bdbafa9c8fea31e1cee68ec3

  • SHA1

    27212dd4c3c1f3bfc824bc1396e524454f3ebbd4

  • SHA256

    8189ce03cc9aaf3bff8a2880ec7e43809858af1e16db629b86be33d6c9557fcb

  • SHA512

    bc4072139c9f718a6571917bc2653ca2584e964dfdb976b8bc8c0f8265d4188e5fa16f92f937cb79974177035e4fe39ba75545bb6a11dbdde455efd6e76c7117

  • SSDEEP

    3072:EXDYgAo12dmS7WYvMiPe2cZNedRKOxycw26cXa0RDozXgn:8jZ12dt7WxiPe28Ne3jMcw2pXa0ezM

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      710d0f94bdbafa9c8fea31e1cee68ec3

    • Size

      138KB

    • MD5

      710d0f94bdbafa9c8fea31e1cee68ec3

    • SHA1

      27212dd4c3c1f3bfc824bc1396e524454f3ebbd4

    • SHA256

      8189ce03cc9aaf3bff8a2880ec7e43809858af1e16db629b86be33d6c9557fcb

    • SHA512

      bc4072139c9f718a6571917bc2653ca2584e964dfdb976b8bc8c0f8265d4188e5fa16f92f937cb79974177035e4fe39ba75545bb6a11dbdde455efd6e76c7117

    • SSDEEP

      3072:EXDYgAo12dmS7WYvMiPe2cZNedRKOxycw26cXa0RDozXgn:8jZ12dt7WxiPe28Ne3jMcw2pXa0ezM

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks