General

  • Target: 34793e609c55e77ca27f42b7d87571fc0b2ae090f6cf2c0d5cf61c4e78dcf6b2
  • Size: 1.8MB
  • Sample: 240525-yzpy2agh2t
  • MD5: e7941660168ecefbf21fdd454b23d9c0
  • SHA1: 12c4c2cc0c8a50d4bf3eaeff0043c6e6517c66af
  • SHA256: 34793e609c55e77ca27f42b7d87571fc0b2ae090f6cf2c0d5cf61c4e78dcf6b2
  • SHA512: edf0d24df59333191e0260fda47238d2265248d6c06f8115a317f33081d0d76dc02e891e6f0d03d8498f498438ee3240b72cb7cedeff09d4f002927c422e6612
  • SSDEEP: 24576:/3vLRdVhZBK8NogWYO09rOGi9JbBodjwC/hR:/3d5ZQ11xJ+

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/shell_reverse_tcp
  • C2: 1.15.12.73:4567

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion
    • Modify Registry, T1112 (1)
  • Credential Access
    • Unsecured Credentials, T1552 (1)
    • Credentials In Files, T1552.001 (1)
  • Discovery
    • Query Registry, T1012 (4)
    • System Information Discovery, T1082 (4)
    • Peripheral Device Discovery, T1120 (1)
  • Collection
    • Data from Local System, T1005 (1)

Tasks