General

  • Target

    1.dll

  • Size

    9KB

  • Sample

    240522-pmlamsbc51

  • MD5

    1ec16da98fa7190204bdd8c7bebfccdf

  • SHA1

    2e6922fdc24cfab4e249e54412a79417ceff84cb

  • SHA256

    11b68c12632d90ab188f87bcf5dbd8ad054838a25bdd9438fcf88a2e01e5dc33

  • SHA512

    b26bd70d59805ab7d185d7c6a84360954295b1ed1dcf9f19c2c220cbcaced9314def262a3b54e94b1b36b5a3a57a680a57df0f7a2501008639ed0b4a2e1136b9

  • SSDEEP

    48:q0kV3zU9G4aNVh7XphlhEF57/nc6aZrCO1Jzh7xxwvPbOE:vDIKkjBbLxwv

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://74.48.220.31:8632/DcTIHAkb/1Q9Al5hrrEAhwCDBRCiYGggPZcyiBi_xKi-9qEZ3QhAONrkh9Ts8sac7OLknj_rtSpHvewsrpGalKTjp2-2I_5_pbm2tf36g09eRXRhNxWMR0xZ-A1eGng9-AoB9VMAn0rI92zd8GxT6zYg1eBKt24C6mvr3BBuYBRZYgpXmkV7oFxt-d

Targets

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext