General

  • Target

    showcaptcha

  • Size

    16KB

  • Sample

    240617-s8hcnavgpb

  • MD5

    158650041a3eb6475fa82bd28b504540

  • SHA1

    3fea01d61ebd764153e1b123e6208d201d21e3b3

  • SHA256

    5934e81a30bd867068c77a66b807996d7fc35c3328e81865fce4190717e79214

  • SHA512

    b1793b9df0cf20b7570e759d20b09d7728e45d4ca465d633eea8857c5727f872f97eefcc9fa920841349ea4f6c043d7703bd6b6a05d74bdade9db108685dd57c

  • SSDEEP

    384:eEelrgl7QGKbyOWiiNBzgMFO+gQ0kXd28J7utAqRkvRgQaLyCMipH:teJgdQJbrncBznFO+NvXo8ButAqRkvRw

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_http

  • C2

    http://2.tcp.eu.ngrok.io:18319/ocdCDhUNro8RHRAcd21H2A3rLUeQm

Targets

    • Target

      showcaptcha

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 4

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 3

Command and Control

  • Web Service (T1102): 1

Tasks