General

  • Target

    3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3

  • Size

    1.8MB

  • Sample

    240920-rchswazerb

  • MD5

    8bc94255b0c3a9235c1922f51f55eca0

  • SHA1

    054bdfefcaa0779425475ae182f6ae5726a8017e

  • SHA256

    3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3

  • SHA512

    73947b96d2643f460cea4abba1015735fa5ad0dabaf72eb349b01389bb29c2cddf81f232ba2a647ec88e6f308f803dbe2cdec47f928e686d39f7bbbaadbe0437

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09kOGi9JbBodjwC/hR:/3d5ZQ1sxJ+

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/shell_reverse_tcp

  • C2

    1.15.12.73:4567

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks
