General

  • Target: 5269efecee3f7c86ac81e694f86a88e9.bin
  • Size: 6KB
  • Sample: 240404-bt91paba96
  • MD5: aea119bd9db7d9fc2bf0bd2ea83e6115
  • SHA1: 23ad5839f45e6ae43e91b0f3e49e34f7ff6995c8
  • SHA256: 209bd14f39388bf6edaad01bc5e663e23e6bf14f13511e1f0e5d098d26cfe874
  • SHA512: 25008d6afe291aa96b9b7371d95185de349c6b201d014647cc823610b49a14175d4ba32e1cbc332979e29d49f5446e4df7bc6b40e766794fdcc7473784533c5f
  • SSDEEP: 96:AFewMvN31nC1+NVXL3gKc1zt0bs39sRpLMuh2H9XBRiFADnNlzCxJG5XfdQ:Yew8TEkLQyy9EpLMliF4NBCxJkXu

Malware Config

Extracted

  • Family: metasploit
  • Version: metasploit_stager
  • C2: 10.42.22.46:4545

Targets

    • Target: 5883edb9925918fb783261b08751ebdbf487811269643dae5ab55029d301ff52.msi
    • Size: 156KB
    • MD5: 5269efecee3f7c86ac81e694f86a88e9
    • SHA1: 5cf41171bbc75097083f1453fc54a1fd39ef873d
    • SHA256: 5883edb9925918fb783261b08751ebdbf487811269643dae5ab55029d301ff52
    • SHA512: 9d543a44b9e76496a80c208f82e842cb61cd9345f92a574b048d5152675e9596f97b36d91c4e8adc48ef649c452b012a5628da629ebf57bbe4ae41354d2ee88b
    • SSDEEP: 384:iHpe4ZvJXK7gzFM7Wu8A7QoXgZs+5BCq26yy3M5BCqPN:Zmxa7gBMyugDCUyWMDC

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks