General
- Target: c9a4b69fd8936fabe1d044c35baaa28e4bd0aa563769a76d4dba7c16e6fc3009
- Size: 5KB
- Sample: 201108-say7cqeetx
- MD5: a3bfdf001d9e5e1276b95a112b74d37f
- SHA1: cba777ad1363ad2840d43cfff8833ca22ff8c0d0
- SHA256: c9a4b69fd8936fabe1d044c35baaa28e4bd0aa563769a76d4dba7c16e6fc3009
- SHA512: 4a48b115adaf593997f73c16c3424eb461b752ea39e5247e8252e1b92c02b5d9b0ba42da2cb63fc8592b52116786cf1631608105bf29c617f223c9d13e48fcbc
- Static task: static1
- Behavioral task: behavioral1 (Sample: c9a4b69fd8936fabe1d044c35baaa28e4bd0aa563769a76d4dba7c16e6fc3009.dll; Resource: win7v20201028)
- Behavioral task: behavioral2 (Sample: c9a4b69fd8936fabe1d044c35baaa28e4bd0aa563769a76d4dba7c16e6fc3009.dll; Resource: win10v20201028)
Malware Config
Extracted
- metasploit
- windows/download_exec
- http://example.com:80/hop.php?/12345
Targets
- Target: c9a4b69fd8936fabe1d044c35baaa28e4bd0aa563769a76d4dba7c16e6fc3009
- Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateProcessExOtherParentProcess
- ServiceHost packer: Detects ServiceHost packer used for .NET malware
- Blacklisted process makes network request
- Suspicious use of SetThreadContext