General

  • Target

    03f9fd2ed89de09d2dbed8de06f8fe76.bin

  • Size

    457KB

  • Sample

    240624-cjnkdaybjj

  • MD5

    03f9fd2ed89de09d2dbed8de06f8fe76

  • SHA1

    4abfa12b785713bcb8a8d07175114dc903196fc3

  • SHA256

    ddb66647189270d6046b6c95e30900f83ffe9911e77a918dd50a6f09879d1624

  • SHA512

    f11a7029308abaa10f5b5cda1c04997f24d3e275b101533a15aa74645b05ed102f448002bfdeb2df86ca6651ab707eaa20fa1e1835851dc18754b2fdeb9ff1d3

  • SSDEEP

    6144:x9JLFprEWDl7s5t38dX6pKE4dU7kpoTcnFOHuln+Otc+EkzI8jSejCE8aKP3sGvt:x99gbP/GFK9ACwdag/2OuV8IRCg

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp_dns

C2

testme.com:80
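The extracted config names the shikata_ga_nai encoder, which means the payload bytes in this sample sit behind a small self-decoding stub. The following scanner is an added example, not part of the sandbox report or of Metasploit: it looks for the bytes every stub must carry (fnstenv [esp-0xc], a pop to recover the address, an XOR decode instruction and a backward LOOP) over a constructed buffer. The 48-byte window, the 12-byte pop bound, and the key/counter values in the constructed stub are assumptions, not encoder constants.

```python
"""Heuristic scan for the x86 shikata_ga_nai decoder stub.

Added example, not part of the sandbox report. The encoder is polymorphic
(FPU instruction, registers, key and block order all vary), but every stub
still has to find its own address with fnstenv [esp-0xc] (D9 74 24 F4)
followed by a pop, and decodes in place with an XOR whose LOOP (E2 rel8)
jumps backwards. The 48-byte window and the "pop within 12 bytes" bound are
tuning assumptions, not encoder constants; treat hits as leads, not proof.
"""
import re

# fnstenv [esp-0xc]: stores the 28-byte FPU environment so that the saved
# FPU instruction pointer (env offset 0xC) lands exactly at [esp]
FNSTENV_ESP_MINUS_C = b"\xd9\x74\x24\xf4"
WINDOW = 48        # bytes examined after fnstenv (assumption)
POP_WINDOW = 12    # pop r32 follows fnstenv closely, possibly after a mov key / counter setup (assumption)

def find_sgn_stubs(data: bytes) -> list[int]:
    """Return offsets of fnstenv [esp-0xc] that look like the head of a shikata_ga_nai stub."""
    hits = []
    for m in re.finditer(re.escape(FNSTENV_ESP_MINUS_C), data):
        w = data[m.end():m.end() + WINDOW]
        # 58..5F: pop r32 that retrieves the saved instruction pointer
        has_pop = any(0x58 <= b <= 0x5F for b in w[:POP_WINDOW])
        # 31 /r with mod=01 (ModRM 40..7F): xor [reg+disp8], r32, the decode instruction
        has_xor = any(w[i] == 0x31 and 0x40 <= w[i + 1] <= 0x7F for i in range(len(w) - 1))
        # E2 rel8 with a negative displacement: LOOP back over the decode block
        has_loop = any(w[i] == 0xE2 and w[i + 1] >= 0x80 for i in range(len(w) - 1))
        if has_pop and has_xor and has_loop:
            hits.append(m.start())
    return hits

# Constructed stub in the encoder's shape (key, counter and register choice are made up):
CONSTRUCTED_STUB = bytes.fromhex(
    "d9ee"          # fldz                 (one of the FPU instructions the encoder picks from)
    "b811223344"    # mov eax, 0x44332211  (XOR key, constructed)
    "d97424f4"      # fnstenv [esp-0xc]
    "5b"            # pop ebx              (ebx = address of the fldz)
    "31c9"          # xor ecx, ecx
    "b147"          # mov cl, 0x47         (block count, constructed)
    "314318"        # xor [ebx+0x18], eax  (decode one dword)
    "034318"        # add eax, [ebx+0x18]  (key feeds forward)
    "83ebfc"        # sub ebx, -4          (advance pointer)
    "e2f5"          # loop back to the xor
)
CONSTRUCTED_SAMPLE = b"\x90" * 16 + CONSTRUCTED_STUB + b"\x00" * 32
# fnstenv used legitimately (env read back with a mov, no pop, no loop) must not fire:
CONSTRUCTED_BENIGN_FPU = b"\xd9\x74\x24\xf4" + b"\x8b\x44\x24\xf4" + b"\xc3"

if __name__ == "__main__":
    print(find_sgn_stubs(CONSTRUCTED_SAMPLE))        # [23]
    print(find_sgn_stubs(CONSTRUCTED_BENIGN_FPU))    # []
```

Run it against the raw sample bytes as `find_sgn_stubs(open(path, "rb").read())`; an offset is a starting point for carving the encoded payload (it begins right after the stub) and for confirming the msfvenom origin the report's MetaSploit signature asserts, not a verdict on its own.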

Targets

    • Target

      03f9fd2ed89de09d2dbed8de06f8fe76.bin


    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.
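The behaviours listed above (hidden-window PowerShell, a country-code registry lookup, a scripting host reaching the C2 from the extracted config) are what an analyst would turn into detections. The following is an added example, not code from the sandbox or the report: it classifies constructed endpoint events, written as plain dicts rather than any real telemetry schema. It assumes the location check reads the GeoID value HKCU\Control Panel\International\Geo\Nation (the key GetUserGeoID consults; the report does not name it), that the C2 is the report's testme.com:80, and it covers the -WindowStyle spellings powershell.exe accepts by unambiguous prefix (-w, -win, -WindowStyle) with the value Hidden or its numeric form 1.

```python
"""Classify constructed endpoint events against the behaviours in the report.

Added example, not part of the sandbox report. The events are hand-written
dicts (not real telemetry, not a Sysmon schema) carrying the fields such a
pipeline would have: process image and command line, registry key path,
network destination. Assumptions: the location check reads the GeoID value
HKCU\\Control Panel\\International\\Geo\\Nation (what GetUserGeoID consults;
the report does not name the key), and the C2 is the report's testme.com:80.
"""
import re

C2_HOST, C2_PORT = "testme.com", 80     # from the extracted reverse_tcp_dns config
HIDDEN_VALUES = {"hidden", "1"}         # ProcessWindowStyle.Hidden by name or numeric value
POWERSHELL = re.compile(r"(?:^|\\)(?:powershell|pwsh)(?:\.exe)?$", re.IGNORECASE)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

def hides_window(cmdline: str) -> bool:
    """True if the PowerShell command line requests a hidden window.

    powershell.exe matches switches by unambiguous prefix, so -w, -win and
    -WindowStyle name the same switch; the switch character may be - or /.
    """
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if len(tok) > 1 and tok[0] in "-/" and "windowstyle".startswith(tok[1:].lower()):
            if tokens[i + 1].lower() in HIDDEN_VALUES:
                return True
    return False

def classify(events: list[dict]) -> list[str]:
    """Return sorted behaviour tags, roughly mirroring the report's signature names."""
    tags = set()
    for ev in events:
        image = ev.get("image", "")
        if ev["type"] == "process" and POWERSHELL.search(image) and hides_window(ev["cmdline"]):
            tags.add("powershell_hidden_window")      # Command and Scripting Interpreter: PowerShell
        elif ev["type"] == "registry" and GEO_NATION.search(ev["key"]):
            tags.add("geo_nation_lookup")             # Checks computer location settings
        elif ev["type"] == "network":
            if (ev["dst_host"].lower(), ev["dst_port"]) == (C2_HOST, C2_PORT):
                tags.add("c2_contact")                # destination from the extracted config
            if POWERSHELL.search(image):
                tags.add("scripting_host_network")    # Blocklisted process makes network request
    return sorted(tags)

# Constructed events resembling what this sample's run would produce (not real logs):
CONSTRUCTED_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -c Start-Sleep 1"},
    {"type": "registry", "image": "03f9fd2ed89de09d2dbed8de06f8fe76.bin",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "network", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dst_host": "testme.com", "dst_port": 80},
]
# Constructed benign-looking events that must not fire:
CONSTRUCTED_BENIGN = [
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -WindowStyle Normal -File C:\scripts\inventory.ps1"},
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_host": "example.org", "dst_port": 443},
]

if __name__ == "__main__":
    print(classify(CONSTRUCTED_EVENTS))   # ['c2_contact', 'geo_nation_lookup', 'powershell_hidden_window', 'scripting_host_network']
    print(classify(CONSTRUCTED_BENIGN))   # []
```

The host:port match is the weakest of the four: a reverse_tcp_dns stager resolves the name at run time, so hunt on the DNS query for testme.com and on non-HTTP traffic to port 80 from a scripting host rather than on the literal pair alone, and expect the geofence tag to fire on legitimate software too; it is only meaningful alongside the others.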

MITRE ATT&CK Enterprise v15
