General

  • Target

    34a398120fec69c638faada06a3710dd154d6b193d484a12ab7a8058187a5ff9

  • Size

    1.8MB

  • Sample

    240404-jxsjtahh9s

  • MD5

    3564975288d72af8eb62f1b8e5cf0285

  • SHA1

    7609a0c658f4cf18597d20c54af4c1db38e6653d

  • SHA256

    34a398120fec69c638faada06a3710dd154d6b193d484a12ab7a8058187a5ff9

  • SHA512

    311c3b1618a8e329c33daee9b5222e224d6f1a3cea893b73797e91e4ae57aebb5853a11061b0cdca7a091f6854d6040e76404a26c58273868cb3716de441382c

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09jOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1txJIiW0MbQxA

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Targets

    • Target

      34a398120fec69c638faada06a3710dd154d6b193d484a12ab7a8058187a5ff9

    • Size

      1.8MB

    • MD5

      3564975288d72af8eb62f1b8e5cf0285

    • SHA1

      7609a0c658f4cf18597d20c54af4c1db38e6653d

    • SHA256

      34a398120fec69c638faada06a3710dd154d6b193d484a12ab7a8058187a5ff9

    • SHA512

      311c3b1618a8e329c33daee9b5222e224d6f1a3cea893b73797e91e4ae57aebb5853a11061b0cdca7a091f6854d6040e76404a26c58273868cb3716de441382c

    • SSDEEP

      24576:/3vLRdVhZBK8NogWYO09jOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1txJIiW0MbQxA

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks