General

  • Target

    97e021fc7ab25477ac6569153977da6db8ead881d8c9a4a1a69b18b41d11805b

  • Size

    1.8MB

  • Sample

    240620-ynhetavfjd

  • MD5

    1d6a534cbd7d4f15b102cbf5c8ea6311

  • SHA1

    9a149f876f028df7a62120506d8915095d0541d1

  • SHA256

    97e021fc7ab25477ac6569153977da6db8ead881d8c9a4a1a69b18b41d11805b

  • SHA512

    e4b5c2405806f7dbbf81825eec43cc7fbd8d713dd4a43ec1b2c3412ce5ed153b539f9d926d6cd91ae6c135c33e46b56ff2d42ff4420f8e47eb6642e6ccca14c5

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09SOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1axJIiW0MbQxA

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Targets

    • Target

      97e021fc7ab25477ac6569153977da6db8ead881d8c9a4a1a69b18b41d11805b

    • Size

      1.8MB

    • MD5

      1d6a534cbd7d4f15b102cbf5c8ea6311

    • SHA1

      9a149f876f028df7a62120506d8915095d0541d1

    • SHA256

      97e021fc7ab25477ac6569153977da6db8ead881d8c9a4a1a69b18b41d11805b

    • SHA512

      e4b5c2405806f7dbbf81825eec43cc7fbd8d713dd4a43ec1b2c3412ce5ed153b539f9d926d6cd91ae6c135c33e46b56ff2d42ff4420f8e47eb6642e6ccca14c5

    • SSDEEP

      24576:/3vLRdVhZBK8NogWYO09SOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1axJIiW0MbQxA

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

4
T1012

System Information Discovery

4
T1082

Peripheral Device Discovery

1
T1120

Collection

Data from Local System

1
T1005

Tasks