Resubmissions
15-04-2024 19:23
240415-x3x85sgc7w 715-04-2024 19:22
240415-x3lv4sgc6z 315-04-2024 19:21
240415-x2vfvsea28 715-04-2024 19:14
240415-xxtnrsdh25 1015-04-2024 19:10
240415-xvtwraga7x 715-04-2024 18:36
240415-w8xzwsdc78 1015-04-2024 18:26
240415-w29p4sfd71 715-04-2024 17:59
240415-wkv6dseh4w 10General
-
Target
advbattoexeconverter.exe
-
Size
804KB
-
Sample
240415-wkv6dseh4w
-
MD5
83bb1b476c7143552853a2cf983c1142
-
SHA1
8ff8ed5c533d70a7d933ec45264dd700145acd8c
-
SHA256
af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
-
SHA512
6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
-
SSDEEP
24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r
Static task
static1
Behavioral task
behavioral1
Sample
advbattoexeconverter.exe
Resource
win11-20240412-en
Malware Config
Extracted
metasploit
windows/download_exec
http://149.129.72.37:23456/SNpK
- headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)
Targets
-
-
Target
advbattoexeconverter.exe
-
Size
804KB
-
MD5
83bb1b476c7143552853a2cf983c1142
-
SHA1
8ff8ed5c533d70a7d933ec45264dd700145acd8c
-
SHA256
af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
-
SHA512
6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
-
SSDEEP
24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Modifies WinLogon
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4