General

  • Target

    a8b762aa834d9a388b67962f80b161238a3c1194025daecf028aaa3d6e5a3a56

  • Size

    41KB

  • Sample

    240624-zt2ajsvhjr

  • MD5

    cd9077322a081864b40900c91975d1af

  • SHA1

    bbcf7503354f2a53ce412a7ba32e7a8f96139515

  • SHA256

    a8b762aa834d9a388b67962f80b161238a3c1194025daecf028aaa3d6e5a3a56

  • SHA512

    b3c47af8212113bfa022ba720be74a643fa2818a77517c98c1137b0b2ee79c039191ef6a54a1da55a923effd73df56206f297f7946f4aa657862466de19fb7d9

  • SSDEEP

    384:RyiSwvxjk+tzQPZNy9WhgCTB/a4+dpCPlIZM0jrBPsttbLdfL:R1xw+teNy9WPX+dpCPquQPsjLdfL

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_http

  • C2

    http://10.10.100.200:443/JgxXsczWxFH9JPwlm11JegtEaHAmKhpZkJEdb9KlcDTnoai0LvID7QMmgM7AfOqswEUQerQPvIFS2NgAA-aYqqJpFgjVjDxtp53BWswAXYX-r7sZEq9XMfPZ1WEgOYZh_F0m5I5KKOd9a_2qQZYu8Svx-SFG1ocJgOKVjMbZGsfIj-dzal9xKOyXzuM-9vwW8uOEm4

Targets

    • Target

      a8b762aa834d9a388b67962f80b161238a3c1194025daecf028aaa3d6e5a3a56

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Process spawned suspicious child process

      This child process is normally not spawned unless, for example, the parent process crashes. It typically indicates an unsuccessful attempt to compromise the parent process.

MITRE ATT&CK Enterprise v15