General
- Target: 14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f
- Size: 14.6MB
- Sample: 200911-qlf6z6v34n
- MD5: 18067be70aad9ca5d329663e35ed5cde
- SHA1: 8655fc0484f35513527268f7313334dc2c2d5953
- SHA256: 14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f
- SHA512: 8b071bbe15118e69873a600e2bdb15125f8c6ae1ab133b1951fbbf52b4dddd65734088dd51f84de716f9c2cbb22bcda40c83d129d8594fbb839a3975355277ed
Static task: static1
Behavioral task: behavioral1
- Sample: 14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f.exe
- Resource: win7v200722
Behavioral task: behavioral2
- Sample: 14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f.exe
- Resource: win10v200722
Malware Config
Extracted:
- metasploit
- windows/download_exec
- http://39.101.174.221:12358/LWbW
- headers: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)
Targets
- Target: 14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f
- Size: 14.6MB
- MD5: 18067be70aad9ca5d329663e35ed5cde
- SHA1: 8655fc0484f35513527268f7313334dc2c2d5953
- SHA256: 14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f
- SHA512: 8b071bbe15118e69873a600e2bdb15125f8c6ae1ab133b1951fbbf52b4dddd65734088dd51f84de716f9c2cbb22bcda40c83d129d8594fbb839a3975355277ed
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Registers COM server for autorun
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- JavaScript code in executable
- Drops file in System32 directory
- Modifies service