General

  • Target

    5724b08265a843f56bb46c245e077592fc64dd30b8ce6a68f987693c06e8885f

  • Size

    1.3MB

  • Sample

    241203-q8y93aykas

  • MD5

    4e11de1a378b9575f325ec1eff518872

  • SHA1

    395335c2c2c422e627dc4e907fe08f79750a8bdd

  • SHA256

    5724b08265a843f56bb46c245e077592fc64dd30b8ce6a68f987693c06e8885f

  • SHA512

    549cf327ba71629a7d10fdded6855d3eab60e0f8663e35df7c31b5bdf283a2a74683d874c0289b134338d01da815c8f4ad63fc0d398bdce191cf04b1dc413549

  • SSDEEP

    24576:v8/tIlvy2W2fcVNCRh7kCk2SeiKSBZ6bc9E2:k/+hBZfwapgVbBUbcG

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

124.248.69.230:29782

Targets

    • Target

      5724b08265a843f56bb46c245e077592fc64dd30b8ce6a68f987693c06e8885f

    • Size

      1.3MB

    • MD5

      4e11de1a378b9575f325ec1eff518872

    • SHA1

      395335c2c2c422e627dc4e907fe08f79750a8bdd

    • SHA256

      5724b08265a843f56bb46c245e077592fc64dd30b8ce6a68f987693c06e8885f

    • SHA512

      549cf327ba71629a7d10fdded6855d3eab60e0f8663e35df7c31b5bdf283a2a74683d874c0289b134338d01da815c8f4ad63fc0d398bdce191cf04b1dc413549

    • SSDEEP

      24576:v8/tIlvy2W2fcVNCRh7kCk2SeiKSBZ6bc9E2:k/+hBZfwapgVbBUbcG

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks