General

  • Target: 8a5b93a246ad14c60ddcbd3ee8049c7aaf29eb828925ddf9f9d726688976ad8d
  • Size: 692KB
  • Sample: 240621-hg28mstglp
  • MD5: f61739639a4a306981f76031345127c8
  • SHA1: 574ba58eede70d1e60092d03a4d66ee8b68af68a
  • SHA256: 8a5b93a246ad14c60ddcbd3ee8049c7aaf29eb828925ddf9f9d726688976ad8d
  • SHA512: d8226e136ee80c1d0c0838ab798e77d947e6071a991cb8db4e3b359f888cc89aaed3e0bd47205262ce7877935cc39edce385f9855accf47c1b8de9a7a1266c5a
  • SSDEEP: 12288:q6f13oK/cDVrSs0SYnI/BNq1egCJ1y0Vm1uIf59UcudQM9zU1Jok2fP4VD:q6ftojDBeSYnI/K1pCTywjGzh2

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/shell_reverse_tcp
  • C2: 1.15.12.73:4567

Targets

    • MetaSploit
      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access
      Unsecured Credentials (T1552): 1
      Credentials In Files (T1552.001): 1

  • Discovery
      Query Registry (T1012): 3
      System Information Discovery (T1082): 3
      Peripheral Device Discovery (T1120): 1

  • Collection
      Data from Local System (T1005): 1

Tasks