General

  • Target: Bypass.bat
  • Size: 6KB
  • Sample: 240922-mf3v1avcmh
  • MD5: bfbb7fd26c563711d61b4e1485bbe7b3
  • SHA1: a64ca6e65872c6884ee30825542736e790b1c1df
  • SHA256: 81e676333f537eb2b3a2475150390fdd953cedeb51e951d1ddfb4402abfeba3a
  • SHA512: 849ed3406f926d43a999fbb4fb7954c7a52691215061f25c414e62bb9c3613787a2e564cc72447b70b830feace61ace7e931c997cf0ca4e5a02c752bf1958c53
  • SSDEEP: 192:+n2jh1hqT2yyZ7kxqFy700fH+OZQklkM1+4F6hdC:+n2jh1hs5E7kxnLmk1+zhdC

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/reverse_tcp
  • C2: 89.197.154.116:7810

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

MITRE ATT&CK Enterprise v15

Tasks