General

  • Target

    d1763e66be583b16818a92a0e606239cfec2145367c131dc19c8a2319a580b84

  • Size

    128KB

  • Sample

    240624-k326wavbmc

  • MD5

    e1d8dd596c6dff4e25318cae6fab2345

  • SHA1

    b9d1e789344bff82cf18e067bd135db2e18e6ab4

  • SHA256

    d1763e66be583b16818a92a0e606239cfec2145367c131dc19c8a2319a580b84

  • SHA512

    a889fce27e4e773a036c3fe48ec9efb879d7f24e32c99fa3120d3bbdbec3eeb92c3ea7b5a30ad2b3063b673cafea72070b89da91d97bda31ec1e4621e3356046

  • SSDEEP

    3072:YU11uWWWWUaaarkuIpi8WP63S+o6qH8QjUDDdofYRxYv0sSpMU4HBE:D1/08wMSWqcaUeSh4H

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor (this field holds the name of the Metasploit x86/call4_dword_xor encoder stub wrapped around the payload, not a framework version)

Targets

    • Target

      d1763e66be583b16818a92a0e606239cfec2145367c131dc19c8a2319a580b84

    • Size

      128KB

    • MD5

      e1d8dd596c6dff4e25318cae6fab2345

    • SHA1

      b9d1e789344bff82cf18e067bd135db2e18e6ab4

    • SHA256

      d1763e66be583b16818a92a0e606239cfec2145367c131dc19c8a2319a580b84

    • SHA512

      a889fce27e4e773a036c3fe48ec9efb879d7f24e32c99fa3120d3bbdbec3eeb92c3ea7b5a30ad2b3063b673cafea72070b89da91d97bda31ec1e4621e3356046

    • SSDEEP

      3072:YU11uWWWWUaaarkuIpi8WP63S+o6qH8QjUDDdofYRxYv0sSpMU4HBE:D1/08wMSWqcaUeSh4H

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
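
The extracted config names the encoder as call4_dword_xor, i.e. the payload inside this sample was XORed dword by dword with a 32-bit key and prefixed with a small self-locating decoder. The Python below is an added example, not code from the sandbox report or from Metasploit: it re-implements that scheme, then scans a blob for the `call $+4` (e8 ff ff ff ff) GetPC sequence the encoder is named after, pulls the key and dword count out of the stub, and recovers the cleartext payload, which is what an analyst would do to get at the real shellcode hidden in a sample like this one. The stub byte layout, the imm8 form of the loop counter, the padding filler and the sample payload are all assumptions made for this example; check them against modules/encoders/x86/call4_dword_xor.rb before relying on exact offsets.

```python
"""Re-implementation of the dword-XOR scheme behind Metasploit's
x86/call4_dword_xor encoder plus a stub scanner/decoder.
Added example; stub layout reconstructed from memory (assumption)."""
import struct

# 'call $+4': the call lands on its own last 0xff byte, which together with the
# following 0xc0 decodes as 'inc eax'; the pushed return address (stub+5) is then
# popped into esi.  No NULL bytes anywhere, which is the point of the trick.
GETPC_CALL4 = b"\xe8\xff\xff\xff\xff"


def build_stub(key: int, ndwords: int) -> bytes:
    """Assumed stub: ecx = dword count, esi = call+5, then a loop that XORs
    dword [esi+0x0e] (the first payload dword) and steps esi by 4."""
    if not 1 <= ndwords <= 128:
        raise ValueError("imm8 'sub ecx' form only covers 1..128 dwords (assumption)")
    return (
        b"\x31\xc9"                                  # xor ecx, ecx
        + b"\x83\xe9" + struct.pack("<b", -ndwords)  # sub ecx, -n  -> ecx = n, no NULL byte
        + GETPC_CALL4                                # call $+4
        + b"\xc0"                                    # 'ff c0' = inc eax (0xff shared with the call)
        + b"\x5e"                                    # pop esi  -> esi = call + 5
        + b"\x81\x76\x0e" + struct.pack("<I", key)   # xor dword [esi+0x0e], key
        + b"\x83\xee\xfc"                            # sub esi, -4  -> esi += 4, no NULL byte
        + b"\xe2\xf4"                                # loop back to the xor
    )


def xor_dwords(data: bytes, key: int) -> bytes:
    """XOR data with a 32-bit key, four bytes at a time (little-endian)."""
    padded = data + b"\x90" * (-len(data) % 4)       # pad to a dword boundary (filler is an assumption)
    out = bytearray()
    for i in range(0, len(padded), 4):
        (d,) = struct.unpack_from("<I", padded, i)
        out += struct.pack("<I", d ^ key)
    return bytes(out)


def encode(payload: bytes, key: int) -> bytes:
    body = xor_dwords(payload, key)
    return build_stub(key, len(body) // 4) + body


def find_stubs(blob: bytes):
    """Return (stub_offset, key, ndwords_or_None, payload_offset) for every
    call4-style stub in blob.  Key extraction assumes the 'xor dword
    [esi+disp8], imm32' form (81 76 disp8 imm32) shortly after the call."""
    hits = []
    pos = blob.find(GETPC_CALL4)
    while pos != -1:
        window = blob[pos + 5: pos + 5 + 16]
        k = window.find(b"\x81\x76")
        if k != -1 and len(window) >= k + 7:
            disp = window[k + 2]
            key = struct.unpack_from("<I", window, k + 3)[0]
            ndwords = None                            # unknown unless the ecx setup precedes the call
            if pos >= 5 and blob[pos - 5: pos - 1] == b"\x31\xc9\x83\xe9":
                ndwords = -struct.unpack("<b", blob[pos - 1: pos])[0]
            stub_off = pos - 5 if ndwords is not None else pos
            hits.append((stub_off, key, ndwords, pos + 5 + disp))  # esi + disp8
        pos = blob.find(GETPC_CALL4, pos + 1)
    return hits


def decode(blob: bytes) -> bytes:
    """Decode the first stub found; without a readable count, decode to the end."""
    stubs = find_stubs(blob)
    if not stubs:
        raise ValueError("no call4_dword_xor stub found")
    _, key, ndwords, off = stubs[0]
    end = off + 4 * ndwords if ndwords is not None else off + (len(blob) - off) // 4 * 4
    return xor_dwords(blob[off:end], key)


# Constructed stand-in for a payload (not real shellcode): 29 bytes -> 8 dwords padded.
SAMPLE_PAYLOAD = b"\xcc" * 4 + b"CONSTRUCTED-PAYLOAD-BYTES"


def roundtrip(payload: bytes = SAMPLE_PAYLOAD, key: int = 0x41424344):
    """Encode, embed between constructed junk bytes, rescan and decode."""
    blob = b"\x00" * 7 + encode(payload, key) + b"\x00" * 5
    return find_stubs(blob), decode(blob)


if __name__ == "__main__":
    stubs, clear = roundtrip()
    for off, key, n, poff in stubs:
        print(f"stub @ {off:#x}: key={key:#010x} dwords={n} payload @ {poff:#x}")
    print(clear)
```

On a real sample the blob would be the dropped or in-memory image rather than a hand-built buffer, and because `find_stubs` keys on the 5-byte GetPC sequence it will also flag unrelated `call $+4` uses; treat a hit as a lead and confirm the `xor dword [esi+disp8]` loop behind it before trusting the recovered key.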

MITRE ATT&CK Enterprise v15

Tasks