metasploit | f87237859e6849d770c327ae300cdfbff8b8f9193e8ace2f739f8629a087b7f3

Sharing

Copy URL

Twitter E-mail

General

Target

f87237859e6849d770c327ae300cdfbff8b8f9193e8ace2f739f8629a087b7f3
Size

14.3MB
Sample

241203-254adsyqht
MD5

6fcd7ac1028668bcda61633dd40f1f49
SHA1

bd9547ee86e28fc01fe459b91c2c5ee090fbe2cb
SHA256

f87237859e6849d770c327ae300cdfbff8b8f9193e8ace2f739f8629a087b7f3
SHA512

cd4a68943fc2995fac19beaf99949e9b68238a7759d6744e569f3fa0ab7e6ea413c40a3cc2af447366db71dbe48106c79f5a403d797ff03de431d802f4f968c3
SSDEEP

393216:oZo8lNCe0Iymb6JrIpgp+ueSrfAZa5EkwBN5Tc:oq8liJEpa+6iNlc

Score

10^/10

metasploit discovery

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://101.34.205.247:443/jquery-3.3.1.slim.min.js

Targets

- Target
  
  101.34.205.247:8080/BsSndRpt1.exe
- Size
  
  498KB
- MD5
  
  633f88b60c96f579af1a71f2d59b4566
- SHA1
  
  a514ac6d639c34413ca3ff1257a6719df08f780c
- SHA256
  
  aaf6b2f8cb7389c5cf0391bb41aa9cc6d2fe7aee75e8570a2b096c054ebcd8d6
- SHA512
  
  92e984b5e885ebbb95f30351997adcdd762447b6300a437c1c3fd236fe2a8376775506d384ba827dc1a62b9d293fc2f31ecc169e3c0e4f35cb7d4bc3f005f580
- SSDEEP
  
  12288:qvHpZvj+wMKYxVPtzkZ25hQJxzxtElsvo6TmC:qGkZYExzxtHvP6C
Score

1^/10
behavioral1 behavioral2
- Target
  
  101.34.205.247:8080/BugSplatRc64.dll
- Size
  
  2.5MB
- MD5
  
  b0ee3d1f0e8596af893de17a6a33ec60
- SHA1
  
  d07d83db15b79a11d2eeaba942d89dffb56a8ffc
- SHA256
  
  131401b876ee046f0cfaf339e40d5f71cee5aa15540f0f8ed15e1407652bfecf
- SHA512
  
  434116b2e20075f7a491ad796b99add6e1988a1bdf8d85e7e15f933df865e5b97cee56a2e0ee631faf21fc42139de86e4e458ef6bfbca04dc0638a8a8ddb1186
- SSDEEP
  
  49152:JHDhpEEjOa5B4Epz63ezTBgCqXo1aLkYAqDB4ORWoK7/FHr:pDU1ezWo1aLhDGORY7d
Score

1^/10
behavioral3 behavioral4
- Target
  
  101.34.205.247:8080/checker.exe
- Size
  
  3.3MB
- MD5
  
  db5bcf288ed2d590ee3fcaaba9ce6ebd
- SHA1
  
  fc2bb4a598f7c96f086c64ed192d38a988fe6d8a
- SHA256
  
  485cac639b15862e040235619fb8b07ad41617ff0261fc268b9406836f55d0f6
- SHA512
  
  68c6de068ce0f67d8fb81518b73b21efb95e1d60d37166421db7e4e451bd6dc1bdcd1c19d428700c1f4662c79a6347b0b447b35959f0d58229f89429182c2090
- SSDEEP
  
  49152:4H5NXYPJJ1m1l43g7W+W3TWkbw8KjY0J5RPXyIW93OxSbAEWCW:/PXZ3g7W+WDTcd9A93u8W
Score

7^/10
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  101.34.205.247:8080/cs/help.dll
- Size
  
  1.2MB
- MD5
  
  21de83ad8b0720eff0d3b3cc99e00ed2
- SHA1
  
  b563818772796e6e7dcd768213a733f376c66ada
- SHA256
  
  6c2dadc15579a966f4d9116287688ea20fb30f836ed83470a97d81d17eee2fb4
- SHA512
  
  71ea9b1b01ab2bb5fb04b7531a36f8f06f9ee1980e364bde2496c5849ae14108033b1225c0a3154679b6f7b73baeb9f4174878cf93edc4273073bc8de11330b4
- SSDEEP
  
  24576:0WKYuZA8jIdxk9R57CPi6HxQ+nGBa7Z3bM0KJ3VReBJmTao2s+P3atqTmjrmC9Vy:vuZA8jIdxAR57CPi6HxlnGBa79Y0KJ3E
Score

1^/10
behavioral7 behavioral8
- Target
  
  101.34.205.247:8080/cs/logon.exe
- Size
  
  3.8MB
- MD5
  
  60715947f87e5b222b396082e29d443a
- SHA1
  
  a68f4ded829712e5b85d9f16fe5318da7f04b404
- SHA256
  
  ad1e257c9cb70f062ed1665d3d518543a91573383b2073fd78b8e4fe2138a6e9
- SHA512
  
  84f45e09373c4681f8a783c205a2e77b338369925f33a190aa6fcf611067be1fb735c742a4dad976e6080c1b9438dbb061a1738a40f4f841bf4b23ea3032c7c9
- SSDEEP
  
  49152:YH5NXYPJJ1m1l43g7W+W3TWkbw8KjY0J5RPXyIW93OxSbAEWCr+leBJkffxN:fPXZ3g7W+WDTcd9A93u8r+c4fxN
Score

7^/10
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  101.34.205.247:8080/cs/parfait.dll
- Size
  
  3.6MB
- MD5
  
  9fe49a178cd8ac85b39d9d690e1ab1e2
- SHA1
  
  ee8d92680aa07b68ce543c5543f231bb07780772
- SHA256
  
  2074d782d41071f6a232c4556c59d076f5bf3d5a83885cf61d1f2536130f0870
- SHA512
  
  0a13b50ae13de292467b8ca43fe4cf894706ae6e582d45884e5bf0c176de00887fbadea50f91eceacd19a5e8f60f43aec3d834f5387966614a42123cb87523d0
- SSDEEP
  
  49152:ZP5Z00mp+oBjG+ZMS9o5z8H01lzjN5Et+/veZ+NI:Fw+kKI9Y3LEt8Wx
Score

7^/10
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  101.34.205.247:8080/get.exe
- Size
  
  4.7MB
- MD5
  
  80cccb614d30af19785389a143dca208
- SHA1
  
  164d20ad592254c9cac5d4638eeb2ae15ed39973
- SHA256
  
  ed7d4f76ce69a76c9fee73ce5fea0b843bd0827ec04ac9987589718bc5337c84
- SHA512
  
  995f941c88acb943be5caf486128b363978739ea34b97c6caab17e321dd248d16b494aebff0281d1031ed9bd7a51575beab3b354a9c72d32e171de43f31d8105
- SSDEEP
  
  98304:5H4R5KHagrOuLveyvczmFSxtxyguSGEptw2:5Y0LLvslTHBO
Score

1^/10
behavioral13 behavioral14
- Target
  
  101.34.205.247:8080/help.dll
- Size
  
  1.2MB
- MD5
  
  21de83ad8b0720eff0d3b3cc99e00ed2
- SHA1
  
  b563818772796e6e7dcd768213a733f376c66ada
- SHA256
  
  6c2dadc15579a966f4d9116287688ea20fb30f836ed83470a97d81d17eee2fb4
- SHA512
  
  71ea9b1b01ab2bb5fb04b7531a36f8f06f9ee1980e364bde2496c5849ae14108033b1225c0a3154679b6f7b73baeb9f4174878cf93edc4273073bc8de11330b4
- SSDEEP
  
  24576:0WKYuZA8jIdxk9R57CPi6HxQ+nGBa7Z3bM0KJ3VReBJmTao2s+P3atqTmjrmC9Vy:vuZA8jIdxAR57CPi6HxlnGBa79Y0KJ3E
Score

1^/10
behavioral15 behavioral16
- Target
  
  101.34.205.247:8080/output.exe
- Size
  
  354KB
- MD5
  
  52a5767fe6ecc40dd9a76b040e5ae971
- SHA1
  
  1c0da2745432e748b2130b963026face20e5450d
- SHA256
  
  d5994c016ebd7e16a62b7007ca63b33aa6075f63d17a7ac6fc9ea78cc05db54f
- SHA512
  
  12f98925629efbee1ea355bbe606d162f62381a78ccbf7e28d21acf0095172befb84f812958d271d3edbf1f59c100d69a113446e1826e9972493c3f0e064c2fb
- SSDEEP
  
  6144:wxhSqmqPQRpujRSC47jYEzkfCUbwIGn8WG6VWEXrw6K3Oi/Tf1ZWh:jqmqoWjF+kfCUbwr8WG6EE0xnTf12
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  101.34.205.247:8080/parfait.dll
- Size
  
  3.6MB
- MD5
  
  84d2054d713e43901f90f0f852a8dc75
- SHA1
  
  638a4affdec61a3327e8fbe0fd9d7f46253809e0
- SHA256
  
  0fef509b48adbcd517d71debf0b26f546db56db57d4ef62f386be839418a68a0
- SHA512
  
  06a07a9209dc0ec4ab4b6af05cad89bc167aabc359356a1dca8eee5420b96605e7bc031ef29351f79c18fc3829d1151dd7bc462274ad172a30fac7c392cf8ccd
- SSDEEP
  
  49152:sP5Z00mp+oBjG+ZMS9o5z8Hd1hpjE5Etw/vegnNI:Uw+kKI9Y+cEtGWt
Score

7^/10
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral19 behavioral20
- Target
  
  101.34.205.247:8080/vshell_x86/lib.dll
- Size
  
  89KB
- MD5
  
  5dfcbcdad98d681ed5b306da4e9fc608
- SHA1
  
  eb7e11b5323b359e43d5233a84d751b3357eaf1b
- SHA256
  
  65ebdb3ffb3bdb10219baefb870aaeccc3aaba156909cf016f75f7861048f739
- SHA512
  
  23e36ff0d539b5666abefa68fba954aac209b64c08a2de926184515e81b1dbc37bb6c2f353361b3b35b2f5ddf8148173283cffb84f8e1693b1b30dcef741ce1d
- SSDEEP
  
  1536:jd5wd+ywOpmbhcsrG4ckZEzH3qDLItnTwfokR2KecbGJvVo+Ep4ziAIEp4z8Q:jdJywOpmbPrHI6D+nTwzlecbGlV3X+XX
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  101.34.205.247:8080/vshell_x86/uninstall.exe
- Size
  
  42KB
- MD5
  
  ab4a093dd81bc04606407525a55baff3
- SHA1
  
  2c70f61d0b0a876470263322af5888a59786ea54
- SHA256
  
  6da241c8d2d7972a8ef9d7c23c479cd1de07cf1e2e097cc380d7b87f77444e60
- SHA512
  
  bd4094a8cfdc750a9254cdbe3103dc679c363e9675074c2e9788832a3475a39265e8880de9aba1d94180723ac523a762f74490d0ce35c29b720f7dd554853872
- SSDEEP
  
  768:HmQ/yA2ybGdklbB1iPxFb2EXcqZkjcemyBe6ts89zKbOh:hH2wGduB4P/bvXcQkjJmyBeyzEw
Score

7^/10

discovery
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral23 behavioral24
- Target
  
  101.34.205.247:8080/vshell_x86/vcruntime140.dll
- Size
  
  3.3MB
- MD5
  
  1ebc18e495f72f1d66c10581fe71741e
- SHA1
  
  92a232af318de07e87957a62a7da85f5bfcfbfb3
- SHA256
  
  b8e8764dde8cf68c07c504923fac388ed42c3ba8bc6450e01d2748bb4aa6504c
- SHA512
  
  ec93f626543040ef5eb39cb3ffb931c8d15eec486da47533aaf2e7251c0bd903f1e9211e59645432e6b3333a0f5a2969b790a58290c4b40dfbc1d2733ea3f834
- SSDEEP
  
  49152:XAurYGI69ns9SvMgzx9GYQt4/K9vKjx/uNS8:QurYxks94+S8
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  101.34.205.247:8080/x86.exe
- Size
  
  354KB
- MD5
  
  db534fbe3ee3df7239a29c1622eb6259
- SHA1
  
  9898a3f0be39b8a3d08b81bdc937cd273166122a
- SHA256
  
  25061c368750b614c2c3b1847fb14cbf44e6b6c42b4b4069f22682386a5907b3
- SHA512
  
  c1b3cb0136f24d8216267ef1b7aee8bf20662dc9d4fcd5a8ee534296d171f1ecd932242244e2152f0a9fa54df636e39961e715a86cb910d2bb8b4b84a077b979
- SSDEEP
  
  6144:wxhSqmqPQRpujRS547jYEzkfCUbwIGn8WG6VWEXrw6K3Oi/T+1ZWh:jqmqoWjW+kfCUbwr8WG6EE0xnT+12
Score

3^/10

discovery
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Suspicious use of NtSetInformationThreadHideFromDebugger

Deletes itself

Suspicious use of NtSetInformationThreadHideFromDebugger

Deletes itself

Suspicious use of NtSetInformationThreadHideFromDebugger

Deletes itself

Suspicious use of NtSetInformationThreadHideFromDebugger

Deletes itself

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28