General

  • Target

    f55dcabe5c7666954e6a626ad7bed40010a3f598d8ef3efcfb68135d29b2767d.exe

  • Size

    927KB

  • Sample

    240705-cefc7szdkq

  • MD5

    2d54d9c5710c8a2d09111644b8c6f76c

  • SHA1

    6071f929619b0046206d783afebaccaae3106ebb

  • SHA256

    f55dcabe5c7666954e6a626ad7bed40010a3f598d8ef3efcfb68135d29b2767d

  • SHA512

    3376eb97317e081e2732c21d6aa2f39315e9f513657ba6626cfb106cd1dbbe88c0959ecac9e63dbaff075960df65d08efc572bf0aec1dec94fba99a571af3572

  • SSDEEP

    12288:PYfGLH8ujLj/c4GQgoiUW+SA0O0mmdh7mNzY/:PYuLHjjLrcGg+W+S9O07m

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    89.197.154.116:7810

Targets

    • Target

      f55dcabe5c7666954e6a626ad7bed40010a3f598d8ef3efcfb68135d29b2767d.exe

    • Size

      927KB

    • MD5

      2d54d9c5710c8a2d09111644b8c6f76c

    • SHA1

      6071f929619b0046206d783afebaccaae3106ebb

    • SHA256

      f55dcabe5c7666954e6a626ad7bed40010a3f598d8ef3efcfb68135d29b2767d

    • SHA512

      3376eb97317e081e2732c21d6aa2f39315e9f513657ba6626cfb106cd1dbbe88c0959ecac9e63dbaff075960df65d08efc572bf0aec1dec94fba99a571af3572

    • SSDEEP

      12288:PYfGLH8ujLj/c4GQgoiUW+SA0O0mmdh7mNzY/:PYuLHjjLrcGg+W+S9O07m

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Suspicious use of NtCreateUserProcessOtherParentProcess
