General

  • Target

    7fa3945a50d01af8ddcb5c640718109f762e5325bf639d5f7820ebcae08b7642

  • Size

    1.8MB

  • Sample

    240404-htl27agh7z

  • MD5

    a72a6fabb4098e624886a1b7d620c568

  • SHA1

    e66aa3cf75d774273965008737f9233fbaba2663

  • SHA256

    7fa3945a50d01af8ddcb5c640718109f762e5325bf639d5f7820ebcae08b7642

  • SHA512

    f8d86c51aa80ecd361636a6abdf6ec64d15fcf0327c1a683d86f8d9fd1ae41f7b955a191ad873ea466c970537738bab0b26110c37ec7c3ebb9160a447b3433dc

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09wOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ10xJIiW0MbQxA

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Targets

    • Target

      7fa3945a50d01af8ddcb5c640718109f762e5325bf639d5f7820ebcae08b7642

    • Size

      1.8MB

    • MD5

      a72a6fabb4098e624886a1b7d620c568

    • SHA1

      e66aa3cf75d774273965008737f9233fbaba2663

    • SHA256

      7fa3945a50d01af8ddcb5c640718109f762e5325bf639d5f7820ebcae08b7642

    • SHA512

      f8d86c51aa80ecd361636a6abdf6ec64d15fcf0327c1a683d86f8d9fd1ae41f7b955a191ad873ea466c970537738bab0b26110c37ec7c3ebb9160a447b3433dc

    • SSDEEP

      24576:/3vLRdVhZBK8NogWYO09wOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ10xJIiW0MbQxA

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks