General

  • Target

    389d5fd483539040c28707e4e4ccaa3eb775fb8e6946453d3ef284eed1d9b6af

  • Size

    36KB

  • Sample

    240624-zy9gqavhqp

  • MD5

    b68384bd75e1b2e9de6cebe6967c5bee

  • SHA1

    ef14c2262e2366f425458f6a4a8a962451d50d08

  • SHA256

    389d5fd483539040c28707e4e4ccaa3eb775fb8e6946453d3ef284eed1d9b6af

  • SHA512

    a407c4528f4411d2039cc86415b3d8fabeb869cb33ad51d75eb44c8a80fe06e870d96bdc575eec7f9ecdb1b73387ce4624ca28e4e7d267ab797504fef33768fb

  • SSDEEP

    384:dyiSwvxjk+tiPTj6Otg0jk+pdyA5tJ/hO:d1xw+tc6OSJ+pdvO

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://10.10.100.200:443/EWNfntgCmECZ95j2_44oPQ2vFynBHYdyB-PLWzv7E_5jD_XEOsqp0Rbj-fJ-o4YMmRxvupOMOvXUgw0Sj

Targets

    • Target

      389d5fd483539040c28707e4e4ccaa3eb775fb8e6946453d3ef284eed1d9b6af

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Process spawned suspicious child process

      This child process is not normally spawned unless, for example, the parent process crashes. This typically indicates an unsuccessful attempt to compromise the parent process.

MITRE ATT&CK Enterprise v15

Tasks