General
Target: 2.ps1
Size: 2KB
Sample: 201109-xrfqrhc25e
MD5: e88b29f5f5e5cd6216ceb2c0b9b77d26
SHA1: d47978b36a8231be8ef62cf91c55673ade61d6d4
SHA256: 44bc627b03d3cae224c6c7036771562f3808b57c40e6fb38da76860649c98bbc
SHA512: 6eff2d6ea1b65a275ddbfaebbdb7a7bae3d0663b7c8351fdce2416bb50622da2f38738296632100fe90d504c8421bccb90e17a62b6db9b4a2495c3d9cdeba5ae
Static task: static1
Behavioral task: behavioral1
Sample: 2.ps1
Resource: win10v20201028
Malware Config
Extracted
metasploit
metasploit_stager
203.78.103.109:443
Targets
Target: 2.ps1
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Suspicious use of NtCreateProcessExOtherParentProcess
ServiceHost packer: Detects ServiceHost packer used for .NET malware
Blacklisted process makes network request