General

  • Target

    a.bat

  • Size

    7KB

  • Sample

    240522-nx1mmsec6x

  • MD5

    f3df25231a46629a2bf284b163c214f4

  • SHA1

    11b6996ef719e34e70e008e51e51df238573ddb8

  • SHA256

    fbb44c5cc51bc4660c5ba48b12bcaef9b7b7c1296498e6b17fe8c0c12f60855f

  • SHA512

    bfa174b72a6454f163c9bc72da135f48c0ec8c741ba57017f8782bc63843f7f290f61e607d65afee297a3a7504138a26d8ef7ef91eeaa432369a3346257647bd

  • SSDEEP

    192:/MHXvXhjyhhWSn6wF4XyBa95dXfaYOTPJ:/cXhjyhkSrF4XyBa95hBWPJ

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    45.63.99.50:4444

Targets

    • Target

      a.bat

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Command and Scripting Interpreter (T1059): 1

  • PowerShell (T1059.001): 1

Tasks