General

  • Target

    0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659

  • Size

    1.8MB

  • Sample

    241120-ywnlsssmdt

  • MD5

    4f2f750825afb052a301916e922bb070

  • SHA1

    e087c8ec1d7155e1c0ac7634299af0e4e6c17a0d

  • SHA256

    0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659

  • SHA512

    6365f5159943efa200ee20b3503d0b0a6649287f73b389f7d39a50605a81ba877ac704289f5b4a798b0387e386f964728615fcb597b0b64b0c33a5c1f3d4f188

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09aOGi9JHyMJmUgLk7/QDQHcb4j4wBC33hF7b60HNB/aQf:/3d5ZQ1mxJTJm/Y88j4i0jftBCO

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Targets

    • Target

      0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659

    • Size

      1.8MB

    • MD5

      4f2f750825afb052a301916e922bb070

    • SHA1

      e087c8ec1d7155e1c0ac7634299af0e4e6c17a0d

    • SHA256

      0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659

    • SHA512

      6365f5159943efa200ee20b3503d0b0a6649287f73b389f7d39a50605a81ba877ac704289f5b4a798b0387e386f964728615fcb597b0b64b0c33a5c1f3d4f188

    • SSDEEP

      24576:/3vLRdVhZBK8NogWYO09aOGi9JHyMJmUgLk7/QDQHcb4j4wBC33hF7b60HNB/aQf:/3d5ZQ1mxJTJm/Y88j4i0jftBCO

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks