General

  • Target

    994af8b2aab42a023940e7bc5e693fb435cfc167264e85f1b5f339aad0e60447

  • Size

    1.1MB

  • Sample

    240525-qtvckaec3s

  • MD5

    a7a7570f35c66da1041279344481b878

  • SHA1

    6abf7331f6553b4f5f76fba1a12405c697cb6bd5

  • SHA256

    994af8b2aab42a023940e7bc5e693fb435cfc167264e85f1b5f339aad0e60447

  • SHA512

    9c0b9086e2fba213f949fc2ac1bf7a1b847bf414c836c750498f169125fbb999639fe18f28cccf9e743fd01474ab7282887b684150e70be385ab18110796ac9a

  • SSDEEP

    24576:uubsnafAPykB/Sg4amW5lRqjV2HQro+io5wZpmzOo43gNtQo:wbpS6mW5KOQrb35wZpuOo1Nx

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://47.242.225.31:7736/c/msdownload/update/others/2022/07/4212356

Attributes
  • headers User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40

Targets

    • Target

      994af8b2aab42a023940e7bc5e693fb435cfc167264e85f1b5f339aad0e60447

    • Size

      1.1MB

    • MD5

      a7a7570f35c66da1041279344481b878

    • SHA1

      6abf7331f6553b4f5f76fba1a12405c697cb6bd5

    • SHA256

      994af8b2aab42a023940e7bc5e693fb435cfc167264e85f1b5f339aad0e60447

    • SHA512

      9c0b9086e2fba213f949fc2ac1bf7a1b847bf414c836c750498f169125fbb999639fe18f28cccf9e743fd01474ab7282887b684150e70be385ab18110796ac9a

    • SSDEEP

      24576:uubsnafAPykB/Sg4amW5lRqjV2HQro+io5wZpmzOo43gNtQo:wbpS6mW5KOQrb35wZpuOo1Nx

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry (1)

    T1012

  • System Information Discovery (2)

    T1082

Tasks