General

  • Target

    9068fd925f0fc2b11e50ff88e80f7d8278f6898ba87a9ed9389f9057048069a5

  • Size

    1.8MB

  • Sample

    240404-hz7wvaha7w

  • MD5

    d2fc61bcc2c2d92ba0737fe78b1fa323

  • SHA1

    92cccf9aececc3554a9b06c1af4b3a48aa0c58ee

  • SHA256

    9068fd925f0fc2b11e50ff88e80f7d8278f6898ba87a9ed9389f9057048069a5

  • SHA512

    9747d8f178802124fc6530819a73028236a49db0907358bf21c3c36822482de3e677098d6397178179b7eb28a7bda4b6dfffd24a511efbc6335910f04d224a32

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09dOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1PxJIiW0MbQxA

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Targets

    • Target

      9068fd925f0fc2b11e50ff88e80f7d8278f6898ba87a9ed9389f9057048069a5

    • Size

      1.8MB

    • MD5

      d2fc61bcc2c2d92ba0737fe78b1fa323

    • SHA1

      92cccf9aececc3554a9b06c1af4b3a48aa0c58ee

    • SHA256

      9068fd925f0fc2b11e50ff88e80f7d8278f6898ba87a9ed9389f9057048069a5

    • SHA512

      9747d8f178802124fc6530819a73028236a49db0907358bf21c3c36822482de3e677098d6397178179b7eb28a7bda4b6dfffd24a511efbc6335910f04d224a32

    • SSDEEP

      24576:/3vLRdVhZBK8NogWYO09dOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1PxJIiW0MbQxA

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks