General

  • Target

    Water_Adobe_Scan_Feb_27_2024.pdf

  • Size

    1011KB

  • Sample

    240229-2dp9fsec8w

  • MD5

    79c9682e3d336e6fe8def3c4d33e5b29

  • SHA1

    aaf833f0e5f620a8b84d7790d62d5c9cc0e64aa4

  • SHA256

    6b87d771156f68d09093d798abb1abd7fa4c1f951affb629c1ee3cf2e423fb6d

  • SHA512

    5338d354704813bb476afba55fa37a70be90f28fce56bc53390dc97f69c071a423df0f94bf3e6ec66b90f0c85b1cab60b907c18945cc9d39f8270b4c2e998cad

  • SSDEEP

    12288:BMfmSu1qUHH0UQNCGf6ryEoX1MWV0NkeSmWKyLbLI6HVvjzx5nEsBCqdJX2G/7+h:B5DUSaXFFBQOzxlEsBl+ZpC8q8

Malware Config

  Extracted

  • Family

    metasploit

  • Version

    encoder/shikata_ga_nai

  Extracted

  • Family

    metasploit

  • Version

    windows/reverse_http

  • C2

    http://76.128.80.129:9787/25goz-yhLfg-Kj8rW8s-wg4G7fAT8

  The Version field holds the Metasploit module path, not a release number: the first extraction is the shikata_ga_nai polymorphic XOR encoder wrapped around the payload, the second is the decoded windows/reverse_http stager together with the HTTP C2 it calls back to (host 76.128.80.129, port 9787, randomly generated URI path).

Targets

    • Target

      Water_Adobe_Scan_Feb_27_2024.pdf

    • Size

      1011KB

    • MD5

      79c9682e3d336e6fe8def3c4d33e5b29

    • SHA1

      aaf833f0e5f620a8b84d7790d62d5c9cc0e64aa4

    • SHA256

      6b87d771156f68d09093d798abb1abd7fa4c1f951affb629c1ee3cf2e423fb6d

    • SHA512

      5338d354704813bb476afba55fa37a70be90f28fce56bc53390dc97f69c071a423df0f94bf3e6ec66b90f0c85b1cab60b907c18945cc9d39f8270b4c2e998cad

    • SSDEEP

      12288:BMfmSu1qUHH0UQNCGf6ryEoX1MWV0NkeSmWKyLbLI6HVvjzx5nEsBCqdJX2G/7+h:B5DUSaXFFBQOzxlEsBl+ZpC8q8

    • Score

      1/10

    • Target

      Water_Adobe_Scan_Feb_27_2024.pdf

    • Size

      120KB

    • MD5

      1541e0bb046d31ba7eaa2fbf606df09c

    • SHA1

      de9c548823391fbcc02d598da5ee703d655005f7

    • SHA256

      ca26ea8e59fe41773d2b3652449ec3fc6a73edd6413b3109d2a7f04712ddc05b

    • SHA512

      4dd80e31f75d2d75f1dfcb74cc060863bef7541d455abdba4531e4fa5f622127f4f5369b49bdea79a79dcac4ca6cddda82e37f541b249f22de3000b1e7494561

    • SSDEEP

      1536:/zjoAkSVRoidt3NIEzK1I0ZjwZ61cBsYvIch8RwW0IHAufngu5Nr2O1vHkt9um:/HuSVKidFNI1ZRqORp4ufFm

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks