General

  • Target

    964bc106798c2cfb951a19f8e59e1fcb5510ac23.exe

  • Size

    17KB

  • Sample

    241119-pc8cesvrew

  • MD5

    b236486f7756776b56c743c03f7a106e

  • SHA1

    964bc106798c2cfb951a19f8e59e1fcb5510ac23

  • SHA256

    690f3afd44a9fdf735cee163a26b2b5cccdb49d6802713868ddb6a4342dc21b6

  • SHA512

    42f3181244cb3d03cc5f08ede2dea275fadf2f3072f41c06eb8b3ffde3c33ad8fbbd8fb5a47f342b05664b6b553f3d330eb3610e61ff039cb0c1b0195572757d

  • SSDEEP

    384:YfjcjwcOkjc5lPvL/c1fcrj8coFHPAel1rpI2cl1caXUCcYUlkX3nfT0f:ejcjwc1jc5B/c1fcrj8cccl1caXHc2X6

Malware Config

  • Extracted

    Family: metasploit
    Version: encoder/shikata_ga_nai

  • Extracted

    Family: metasploit
    Version: windows/reverse_tcp
    C2: 192.168.18.106:4535

Targets

    • Target

      964bc106798c2cfb951a19f8e59e1fcb5510ac23.exe

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

MITRE ATT&CK Enterprise v15