General

  • Target

    f83bee2e9d7c8ead88c3d0b761339bfa232e14803608a17e60582516e6559ae0.dll

  • Size

    8KB

  • Sample

    240705-cff15asclg

  • MD5

    d5f8785aedca631c7c8e123dc0e6e35f

  • SHA1

    b1e6ad90352e7d170f3f2d7f3dba3691b8ac9884

  • SHA256

    f83bee2e9d7c8ead88c3d0b761339bfa232e14803608a17e60582516e6559ae0

  • SHA512

    06a9cb9d0690836b8767d848384cc2a994e65da13404a354220e0f7683821babb6647a848a0a5a49cc528721bb1ffcba9d51eae3b5ef9feceeb5ca6e631ed842

  • SSDEEP

    48:qUr3zU9G4aNVhnX5hthMt6dO28xZMEvCHPAPb:+DIibzs

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://89.197.154.116:7810/r0YP8_HZj6Xh9eD0h471LAg3P8LpTQjBwuoVU2_qOmLbrRhD7dzVzwh4X1zqWkGpdfKoeGcDyWqM5Vj7W_USDDh

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks