General

  • Target

    464d75dbdcf6f1d63548ae38cc526bffed1c2230cdc566cbfefedc5f1dbf37d8.exe

  • Size

    686KB

  • Sample

    240707-nfnlratblg

  • MD5

    4cc83c1d4ec13a4af32da81c6b04351f

  • SHA1

    870bffd2f93673d0b370f28a2d84f8df0cc5a112

  • SHA256

    464d75dbdcf6f1d63548ae38cc526bffed1c2230cdc566cbfefedc5f1dbf37d8

  • SHA512

    6b5015d8498e548792cafbe2d9a6ef422d117d3d869d8493d35ef8c2276c689fee59894dd9625c8222b450c96fd62a4e65794cfd5d99208b76ca6bc6f0916453

  • SSDEEP

    12288:nsaY8rL/gEqsKwjPFNrYDBg7/r5Mt7jDFwHKfZMJjkn0br9ExYLPee2ig4k4hBF8:B/rLjqLmPFNrYDa7/6tXDGqfZMtlbS0E

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.0.101:5555

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks