General

  • Target

    8f1ff7c9eb8b16e31acbfe157a07fc439566d25536e64d9a6310bc821ddbc101

  • Size

    1.8MB

  • Sample

    241021-tmz61sydrg

  • MD5

    00d9bcbe1d72f02d15f4c52f9c16827f

  • SHA1

    593ec632f954046e0fc6a50d20047a8d296cd9ef

  • SHA256

    8f1ff7c9eb8b16e31acbfe157a07fc439566d25536e64d9a6310bc821ddbc101

  • SHA512

    5be6173f112d46cb3920d32f048294a7fb9a0c775cd1f6882ebc3a921b6f83f104b6617dd1583a4b75725fa9ce53cdaa9c57cc69c5ca77252be4187a5967f6ea

  • SSDEEP

    24576:R3vL762VhZBJ905EmMyPnQxhe4627l9BoUj3QC/hR:R3P6UZTHeW

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567
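
The C2 above is the kind of value a sandbox recovers statically from an unencoded Metasploit reverse_tcp payload, because the stager hard-codes the listener's sockaddr_in as immediate operands. The script below is an added example (not part of this report and not Metasploit's own code) that scans a byte blob for those immediates and decodes host and port. It assumes the stock, unencoded stager layouts taken from the public Metasploit stager sources: x86 does `push <ip>` followed by `push 0x0002<port>` (bytes `68 ii ii ii ii 68 02 00 pp pp`), x64 does `mov r12, imm64` (bytes `49 BC 02 00 pp pp ii ii ii ii`), with the port in network byte order in both. The sample bytes in the block are constructed to encode 1.15.12.73:4567 and are not bytes from the real file.

```python
"""Locate the hard-coded C2 of an unencoded Metasploit windows reverse_tcp
payload (x86 or x64) inside a larger binary and decode host:port.

Added example, not from the sandbox report and not Metasploit code. The byte
patterns are an assumption based on the public stager templates; an encoder
(e.g. shikata_ga_nai) or a packer hides them, so no hit is not proof of absence.
"""
import ipaddress
import re
import struct

# x86: push imm32 (68) carrying the 4-byte IPv4 address, then push imm32
# carrying AF_INET (02 00) followed by the 2-byte big-endian port.
X86_SOCKADDR = re.compile(rb"\x68(?P<ip>.{4})\x68\x02\x00(?P<port>.{2})", re.DOTALL)
# x64: mov r12, imm64 (49 BC) carrying AF_INET, big-endian port, then the address.
X64_SOCKADDR = re.compile(rb"\x49\xbc\x02\x00(?P<port>.{2})(?P<ip>.{4})", re.DOTALL)


def extract_reverse_tcp_c2(blob: bytes) -> list[dict]:
    """Return every sockaddr_in-looking constant in blob as
    {"arch", "host", "port", "offset"}, in scan order (x86 hits first)."""
    hits = []
    for arch, pattern in (("x86", X86_SOCKADDR), ("x64", X64_SOCKADDR)):
        for m in pattern.finditer(blob):
            host = str(ipaddress.IPv4Address(m.group("ip")))
            (port,) = struct.unpack(">H", m.group("port"))
            if port == 0:  # port 0 cannot be a listener; treat as a false positive
                continue
            hits.append({"arch": arch, "host": host, "port": port, "offset": m.start()})
    return hits


# Constructed input (not the real sample): filler bytes around the two
# encodings of 1.15.12.73:4567.  1.15.12.73 -> 01 0f 0c 49, 4567 -> 0x11d7.
SAMPLE_X86 = b"\x90" * 16 + b"\x68\x01\x0f\x0c\x49\x68\x02\x00\x11\xd7" + b"\x89\xe6"
SAMPLE_X64 = b"\xcc" * 8 + b"\x49\xbc\x02\x00\x11\xd7\x01\x0f\x0c\x49" + b"\x41\x54"

if __name__ == "__main__":
    # On a real case: blob = open("dumped_or_unpacked.bin", "rb").read()
    for hit in extract_reverse_tcp_c2(SAMPLE_X86 + SAMPLE_X64):
        print(f"{hit['arch']}: {hit['host']}:{hit['port']} at offset {hit['offset']:#x}")
```

Given the 1.8MB size of this sample, the shellcode is almost certainly embedded in a larger carrier rather than being a bare payload, so run the scan over the file as-is first and then over a memory dump of the process if the static pass finds nothing; an encoded stager only exposes the sockaddr after it has decoded itself in memory.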

Targets

    • Target

      8f1ff7c9eb8b16e31acbfe157a07fc439566d25536e64d9a6310bc821ddbc101

    • Size

      1.8MB

    • MD5

      00d9bcbe1d72f02d15f4c52f9c16827f

    • SHA1

      593ec632f954046e0fc6a50d20047a8d296cd9ef

    • SHA256

      8f1ff7c9eb8b16e31acbfe157a07fc439566d25536e64d9a6310bc821ddbc101

    • SHA512

      5be6173f112d46cb3920d32f048294a7fb9a0c775cd1f6882ebc3a921b6f83f104b6617dd1583a4b75725fa9ce53cdaa9c57cc69c5ca77252be4187a5967f6ea

    • SSDEEP

      24576:R3vL762VhZBJ905EmMyPnQxhe4627l9BoUj3QC/hR:R3P6UZTHeW

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks