General
Target: 49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a
Size: 275KB
Sample: 201110-h8pfl74v9x
MD5: 64e6a76b7bfdd1a130c2bb64ab92cf75
SHA1: 39caec38241b08286a1a52d87dbfdc1a10fb91b8
SHA256: 49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a
SHA512: 5ac8a8034c935f75b496717eceb00b6f594d1a4ec527a12f7ae8d4b078debe9a5ce95c6e5838811386dd060371ab13c9abdeb1bf297c6df007d9dd972ce89b9b
Static task: static1
Behavioral task: behavioral1
Sample: 49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a.exe
Resource: win10v20201028
Malware Config
Extracted
metasploit
windows/download_exec
http://144.48.9.115:443/YCiX
Targets
Target: 49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a
Score: 10/10
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Suspicious use of NtCreateUserProcessOtherParentProcess