General

  • Target

    11f5c23d7c4dee2e17b5a706afc5b1af4d4881339df716cc69613065cb489268

  • Size

    40KB

  • Sample

    240624-zvv5xsvhlm

  • MD5

    b5c848c43e9f4b7dec70a6f9fca06d64

  • SHA1

    ef62e391352d8626fa005bd98bf90d62ed3b61e8

  • SHA256

    11f5c23d7c4dee2e17b5a706afc5b1af4d4881339df716cc69613065cb489268

  • SHA512

    c008b1f82c0fe07763d2d434da9ff510fe0b1685f287ec091deda5b42ed764c43499c0309c729294f23fcf2e573240eb7769b618daa1e4ff01d41e58ff1171c9

  • SSDEEP

    384:fyiSwvxjk+tzMVFF8/AFW+7o5TRKkdpCPlIy0jECt7/+Ld:f1xw+t+Fq/A3kdpCPqyjVLd

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://10.10.100.200:443/JgxXsczWxFH9JPwlm11JegtEaHAmKhpZkJEdb9KlcDTnoai0LvID7QMmgM7AfOqswEUQerQPvIFS2NgAA-aYqqJpFgjVjDxtp53BWswAXYX-r7sZEq9XMfPZ1WEgOYZh_F0m5I5KKOd9a_2qQZYu8Svx-SFG1ocJgOKVjMbZGsfIj-dzal9xKOyXzuM-9vwW8uOEm4

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This usually indicates an unsuccessful attempt to compromise the parent process.
