General
Target: acf977f45b63736b6064c1bf0c4850324caf8b8f04b4b129b72a56da8cc253bd.exe
Size: 4.3MB
Sample: 240621-hlb71stgrj
MD5: 2a3abe90a0bf6e0a019a6c1a36b58a2a
SHA1: 5a10aa99a227c5f36a436257ca4c265ae959cacb
SHA256: acf977f45b63736b6064c1bf0c4850324caf8b8f04b4b129b72a56da8cc253bd
SHA512: 284aad004999ce7f5bb8aa4d5c273cec48c39d151929682ef3fa2ea0dece24e7347638fce573916811d6407f33f3d4589a4e98f052526d726db0d206ce166764
SSDEEP: 12288:MPMe1zAzgiO/HwCao3YLNz4Tfa34P7GDSa3mwT7:M0e1zAzw/HRMNz4TfS7
Static task: static1

Behavioral task: behavioral1
Sample: acf977f45b63736b6064c1bf0c4850324caf8b8f04b4b129b72a56da8cc253bd.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: acf977f45b63736b6064c1bf0c4850324caf8b8f04b4b129b72a56da8cc253bd.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted family: metasploit
Extracted config: metasploit_stager
C2: 3.136.65.236:18059
Targets
Target: acf977f45b63736b6064c1bf0c4850324caf8b8f04b4b129b72a56da8cc253bd.exe (hashes as listed under General)
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Matrix (ATT&CK v13)
Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1): Scheduled Task (1)