General

  • Target

    d07289e0a36b684ab1713487300a12afc15a2e63e500cd3410fb02625274c40c

  • Size

    7.5MB

  • Sample

    240330-n5yg9afa99

  • MD5

    fbd3b3d1068a63d0f590b7c648e7d9ac

  • SHA1

    eff889d0af9514940521e5250fda13ab11637844

  • SHA256

    d07289e0a36b684ab1713487300a12afc15a2e63e500cd3410fb02625274c40c

  • SHA512

    006d71b0735211bac342912fad59b792d58e46b5e5e9fec931ceb66d587fa56f834b18791ea8b18e0f0e09e4eb6af41aa97a1b95c7532490651882277e5d2142

  • SSDEEP

    196608:q6F2SW2A/+B/m0iuFvhsadjS20dNOM/5:L289f5xhsoS20dNDh

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

103.146.230.238:9612
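The "C2" above is the value a sandbox recovers from the sockaddr_in constants that msfvenom bakes into a reverse_tcp stager. The following is an added example (not part of this report and not Triage or Metasploit code) that performs the same extraction: it searches a binary blob for the two byte patterns the Metasploit stagers use to load the socket address (x86 block_reverse_tcp pushes the IP and then `AF_INET | port`; the x64 stager loads both with a single `mov r12, imm64`) and decodes them. The input bytes are constructed here to embed the address reported above; nothing about the real sample's layout beyond these stager conventions is assumed.

```python
"""Locate Metasploit reverse_tcp stager sockaddr constants and decode the C2.

Added illustration, not Triage or Metasploit code. The byte patterns come from
the stager templates shipped with Metasploit (block_reverse_tcp.asm); the input
blob built below is constructed and is NOT the sample from the report.
"""
import re
import socket
import struct
import sys

# x86 windows/reverse_tcp stager:
#   68 <ip4>         push <ip>          ; host, network byte order
#   68 02 00 <port>  push 0xPPPP0002    ; sin_family = AF_INET, sin_port (network order)
X86_SOCKADDR = re.compile(rb"\x68(?P<ip>.{4})\x68\x02\x00(?P<port>.{2})", re.DOTALL)

# x64 windows/x64/*_reverse_tcp stager:
#   49 BC 02 00 <port> <ip4>   mov r12, 0x<ip><port>0002  (little-endian imm64)
X64_SOCKADDR = re.compile(rb"\x49\xbc\x02\x00(?P<port>.{2})(?P<ip>.{4})", re.DOTALL)


def extract_c2(blob: bytes) -> list:
    """Return every plausible reverse_tcp C2 found in blob.

    Each hit is a dict with arch, file offset of the pattern, ip and port.
    Port 0 is skipped: it is a common false positive from zero-filled data.
    """
    hits = []
    for arch, pattern in (("x86", X86_SOCKADDR), ("x64", X64_SOCKADDR)):
        for m in pattern.finditer(blob):
            port = struct.unpack(">H", m.group("port"))[0]  # sin_port is big-endian
            if port == 0:
                continue
            hits.append({
                "arch": arch,
                "offset": m.start(),
                "ip": socket.inet_ntoa(m.group("ip")),
                "port": port,
            })
    return hits


def c2_strings(blob: bytes) -> list:
    """Convenience wrapper returning 'ip:port' strings, as a report would show them."""
    return ["%s:%d" % (h["ip"], h["port"]) for h in extract_c2(blob)]


def build_sample(ip: str, port: int, arch: str = "x86") -> bytes:
    """Constructed test input: a fake PE-ish prefix, filler, then a stager sockaddr stub.

    This is synthetic data for the example, not bytes from the reported sample.
    """
    ip_bytes = socket.inet_aton(ip)
    port_bytes = struct.pack(">H", port)
    if arch == "x86":
        stub = b"\x68" + ip_bytes + b"\x68\x02\x00" + port_bytes
    else:
        stub = b"\x49\xbc\x02\x00" + port_bytes + ip_bytes
    # 'MZ' header, 64 bytes of filler, the stub, a call-rbp/ebp byte pair, trailing zeros
    return b"MZ" + b"\x90" * 64 + stub + b"\xff\xd5" + b"\x00" * 32


if __name__ == "__main__":
    # Usage: python extract_c2.py <file>   (no argument: run on the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample("103.146.230.238", 9612)
    for hit in extract_c2(data):
        print("%s stager sockaddr at offset 0x%x -> %s:%d"
              % (hit["arch"], hit["offset"], hit["ip"], hit["port"]))
```

Run against a dropped or unpacked payload, a hit corresponds to the Family/Version/C2 triple above; a packed or encoded stager (for example one run through a shikata_ga_nai encoder) will not match until it has been decoded or dumped from memory, which is why sandboxes extract the config at runtime rather than from the file on disk.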

Targets

    • Target

      d07289e0a36b684ab1713487300a12afc15a2e63e500cd3410fb02625274c40c

    • Size

      7.5MB

    • MD5

      fbd3b3d1068a63d0f590b7c648e7d9ac

    • SHA1

      eff889d0af9514940521e5250fda13ab11637844

    • SHA256

      d07289e0a36b684ab1713487300a12afc15a2e63e500cd3410fb02625274c40c

    • SHA512

      006d71b0735211bac342912fad59b792d58e46b5e5e9fec931ceb66d587fa56f834b18791ea8b18e0f0e09e4eb6af41aa97a1b95c7532490651882277e5d2142

    • SSDEEP

      196608:q6F2SW2A/+B/m0iuFvhsadjS20dNOM/5:L289f5xhsoS20dNDh

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Anti-debugging: NtSetInformationThread called with the ThreadHideFromDebugger class, which stops the calling thread from delivering debug events to an attached debugger.
