General

  • Target

    f2cba176c9681c60d16e7ac717c0ad8f2531cf36203da4651db23bb1d2b33b19

  • Size

    42KB

  • Sample

    240919-12ebestaqg

  • MD5

    ae49b622fdf810ce4a50b175e14274b5

  • SHA1

    1a4da0c5a23fbfd005c2dbe9a693eb3cb1c3500b

  • SHA256

    f2cba176c9681c60d16e7ac717c0ad8f2531cf36203da4651db23bb1d2b33b19

  • SHA512

    043bc03265b21b401712822a098c34a3dc548fe65e22978bd498761be8542b9842028a1edc0936c41910accc015ecfd24c48ed64044347ee3d7bb0d3fd5c1daa

  • SSDEEP

    384:ArtiSt3AfPpNGPTGO+peS/iGvOq5UsizZTFzTChT50jxbfoHt:4J3qxS+peSqmUsineTGbfo

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/download_exec

  • C2

    http://192.168.211.143:443/hCaP

  • Attributes

    headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)

Targets

    • Target

      f2cba176c9681c60d16e7ac717c0ad8f2531cf36203da4651db23bb1d2b33b19

    • Size

      42KB

    • MD5

      ae49b622fdf810ce4a50b175e14274b5

    • SHA1

      1a4da0c5a23fbfd005c2dbe9a693eb3cb1c3500b

    • SHA256

      f2cba176c9681c60d16e7ac717c0ad8f2531cf36203da4651db23bb1d2b33b19

    • SHA512

      043bc03265b21b401712822a098c34a3dc548fe65e22978bd498761be8542b9842028a1edc0936c41910accc015ecfd24c48ed64044347ee3d7bb0d3fd5c1daa

    • SSDEEP

      384:ArtiSt3AfPpNGPTGO+peS/iGvOq5UsizZTFzTChT50jxbfoHt:4J3qxS+peSqmUsineTGbfo

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks
