General

  • Target

    Счёт на оплату.docm

  • Size

    33KB

  • Sample

    240619-lt5fbasfnn

  • MD5

    83854fb53aef0d0597df194487f22e64

  • SHA1

    40a25f83d4f46b2dc146c58bc79a32b0a3ad34e0

  • SHA256

    3e7e321ca46b1337d69b9d39ad4dc1b268abb33c9331c06ad07fbb93f29fab89

  • SHA512

    3f52dee4c9e3220691fdffb563b0cd1a57843d856592897ae101b3470287504a5931dfc6cb76fad7b8e346cbe3c04fb855fa64f358f5fa181cd97c343ef98197

  • SSDEEP

    768:KHcGwQsffnH7G5lN3XJkuin4n56mmuZP3t:K8GwQUH7oFmO6mmqt

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://8.8.8.8:5555/zSE9R66S0rraBdsEuVDCbAcHm4d4HwfrCxUPZVx9puos4rwEtJYcq6pkDktx6eSFYy7kU5oq35RNY-dTUHVT8PkQK697FEhhVal855uLYDsu7kkGa5HPh-A_RSCMYlNagTI5RlAPwzzT3itpLVl0bgaf6gwEd8aYdSKGaoH77_3vcEsKMQlq6uuEh7qF8nE

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry, T1112 (1)

  • Discovery

    Query Registry, T1012 (2)

    System Information Discovery, T1082 (2)
