General

  • Target

    a0c30e75522335709bda99a9aeb26fb37c4456a5fb4a6f0ed7bf0222352ad656.ps1

  • Size

    248B

  • Sample

    240404-cpzjtsca5s

  • MD5

    94c799d8340a615c6d0a834b09ec78de

  • SHA1

    c091d4aa55499c5ad499e964b7c82252fda4a5b0

  • SHA256

    a0c30e75522335709bda99a9aeb26fb37c4456a5fb4a6f0ed7bf0222352ad656

  • SHA512

    a11b5bb5045b4732309e9be2d5d488f265f8b56614c90cf4f04b195d1e51b4c3901b5bac8ae7417dbb490817740987bf36784a2fa3af51f188f6673e9e40f3f6

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (ps1.dropper)

    http://104.248.6.145:8000/met8443.dll

Extracted

  • Family

    metasploit

  • Version

    metasploit_stager

  • C2

    104.248.6.145:8443

Targets

    • Target

      a0c30e75522335709bda99a9aeb26fb37c4456a5fb4a6f0ed7bf0222352ad656.ps1

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

    • Downloads MZ/PE file
