General

  • Target

    90598bd93b43453acaa3d435d29f483c088752e5d457d7a9bcff49a39e41c377.exe

  • Size

    140KB

  • Sample

    241204-1tpr7ayqak

  • MD5

    ecf1dccb831f5d9f64e12e69cb04be74

  • SHA1

    c448fe8792bb8b3155f0f4fc360d3053155a64c5

  • SHA256

    90598bd93b43453acaa3d435d29f483c088752e5d457d7a9bcff49a39e41c377

  • SHA512

    d81cb71368738815dba2a8a14e1ce36a9f4251e97cbc177ea8ece1629fc44efe17a20e2f6c18b570f1638821a39a6ea5ee95a54f633701345fe585770d340770

  • SSDEEP

    3072:Cp651xEpsy1ai+6oTHzoMYypJTy4RhgVbYLr8imVO:lEb19/oTHzoMYynTy4C4hm8

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      90598bd93b43453acaa3d435d29f483c088752e5d457d7a9bcff49a39e41c377.exe

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
