General

  • Target: aeacc1c242d68438d49588e22a316040681e61f5382a15dc9ff5b23fe6d000b8
  • Size: 793KB
  • Sample: 240618-hkt2fawbjp
  • MD5: f0745d9c00239af8963de4dce08f45e6
  • SHA1: 3a2e847ffe3765296c1212704c153b37c98f377a
  • SHA256: aeacc1c242d68438d49588e22a316040681e61f5382a15dc9ff5b23fe6d000b8
  • SHA512: 2912be7819be7138d255a7127ec5ca621b16e328713909bebec7d4fff93e76b63595f57d9cf99d5ffa1a5a10a7b03db1a2228223863d4555790b300d3cdedb2e
  • SSDEEP: 24576:L6ftojDBeSYnI4iGrBZt6IZx89W0CxV9asvCpm2:LLp9oI4iGrNf8Alm

Malware Config

Extracted configuration:

  • Family: metasploit
  • Version: windows/shell_reverse_tcp
  • C2: 1.15.12.73:4567

Targets

    • MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks computer location settings: Looks up the country code configured in the registry, likely used as a geofence check.

    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Listed by tactic, as technique (ID): number of matching signatures.

Credential Access
  • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1

Discovery
  • Query Registry (T1012): 3
  • System Information Discovery (T1082): 3
  • Peripheral Device Discovery (T1120): 1

Collection
  • Data from Local System (T1005): 1

Tasks