General

  • Target

    937b3e3faa04af3c6eceda38322e0fbcb25251665e807d7575e5e408d4907971

  • Size

    1.8MB

  • Sample

    240624-ed8z8szekn

  • MD5

    c4017b96d1080add469eed26a40d32bc

  • SHA1

    238ed115c4938010091459802ff7d6089a354f9e

  • SHA256

    937b3e3faa04af3c6eceda38322e0fbcb25251665e807d7575e5e408d4907971

  • SHA512

    22b04fd165dfed2c216f253250657488e5d711fd63f83c673980b7915b99d50ea923fc4957b724c0ba5ab09e8d0f53fcc32589f39634c269444dee41a38fa953

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09gOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1sxJIiW0MbQxA

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Targets

    • Target

      937b3e3faa04af3c6eceda38322e0fbcb25251665e807d7575e5e408d4907971

    • Size

      1.8MB

    • MD5

      c4017b96d1080add469eed26a40d32bc

    • SHA1

      238ed115c4938010091459802ff7d6089a354f9e

    • SHA256

      937b3e3faa04af3c6eceda38322e0fbcb25251665e807d7575e5e408d4907971

    • SHA512

      22b04fd165dfed2c216f253250657488e5d711fd63f83c673980b7915b99d50ea923fc4957b724c0ba5ab09e8d0f53fcc32589f39634c269444dee41a38fa953

    • SSDEEP

      24576:/3vLRdVhZBK8NogWYO09gOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1sxJIiW0MbQxA

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks