General
Target: fba8817602cb7dae175d9fec0900fbfd3e097aae4d32befaecd87d6e3fdb7412
Size: 19.0MB
Sample: 200918-mxqeyjrkha
MD5: ee71a41a6128096140e5e8785802919b
SHA1: e0599d38735a4867ae88e0f9362d017acf2a22fa
SHA256: fba8817602cb7dae175d9fec0900fbfd3e097aae4d32befaecd87d6e3fdb7412
SHA512: 52cf74998a7ca51047a1a19569c7571703e61f9278a45e339b2e9c9ce8b679b8b15b3979a69382d889c6ad04fb8b7ea1b3137742b4037c1a621627065c7fbf7b
Static task: static1

Behavioral task: behavioral1
  Sample: fba8817602cb7dae175d9fec0900fbfd3e097aae4d32befaecd87d6e3fdb7412.exe
  Resource: win7v200722

Behavioral task: behavioral2
  Sample: fba8817602cb7dae175d9fec0900fbfd3e097aae4d32befaecd87d6e3fdb7412.exe
  Resource: win10
Malware Config
Extracted: metasploit
  windows/download_exec
  http://39.101.174.221:12358/LWbW
  headers: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)
Targets
Target: fba8817602cb7dae175d9fec0900fbfd3e097aae4d32befaecd87d6e3fdb7412
Size: 19.0MB
MD5: ee71a41a6128096140e5e8785802919b
SHA1: e0599d38735a4867ae88e0f9362d017acf2a22fa
SHA256: fba8817602cb7dae175d9fec0900fbfd3e097aae4d32befaecd87d6e3fdb7412
SHA512: 52cf74998a7ca51047a1a19569c7571703e61f9278a45e339b2e9c9ce8b679b8b15b3979a69382d889c6ad04fb8b7ea1b3137742b4037c1a621627065c7fbf7b

MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Registers COM server for autorun
Drops file in Drivers directory
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
Suspicious use of SetThreadContext