General
Target: 5c10afa23f689af55e3479480f13836b05f64dc2f3edf47b7084f297c5894539
Size: 3.1MB
Sample: 201111-fkg2z7ef26
MD5: 56f97661a171b446d89733cb499082e4
SHA1: feb03f3d2a29d27b56685954fb6b4a253e3da87f
SHA256: 5c10afa23f689af55e3479480f13836b05f64dc2f3edf47b7084f297c5894539
SHA512: 21b4ceb6ab24477722ba1d214903755eb7fdc5dfe527d690072e56a4b0e308f99e861f13f0b4c7d78fb194a58d428713bce360cb23b853f7646d87c52711107b
Static task: static1
Behavioral task: behavioral1
  Sample: 5c10afa23f689af55e3479480f13836b05f64dc2f3edf47b7084f297c5894539.msi
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 5c10afa23f689af55e3479480f13836b05f64dc2f3edf47b7084f297c5894539.msi
  Resource: win10v20201028
Malware Config
Extracted
Family: metasploit
Payload: windows/download_exec
URL: http://47.91.237.42:8443/blIF
windows/download_exec is a Metasploit single-stage payload that fetches an executable from the configured URL and runs it; here the URL is plain HTTP to a bare IP address on the non-default port 8443, so the host, port and path are all usable as network indicators.
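As an added example, not part of this report and not the sandbox's own extractor: a small Python script that finds download_exec-style URLs in a binary blob (ASCII and UTF-16LE), splits a URL into the host/port/path fields a blocklist or network rule needs, and checks a local file's hashes against the values the report lists. SAMPLE_BLOB is constructed here (it is not the MSI), the second URL with the hostname example.invalid is made up for the demonstration, and the regex is a deliberately simple heuristic.

```python
"""Added example, not from the report or the sandbox's tooling:
heuristic URL extraction, IOC splitting and hash verification for the
windows/download_exec config listed above. SAMPLE_BLOB is constructed."""
import hashlib
import re
from urllib.parse import urlsplit

# Hashes copied from the report; used to confirm a local copy is the same file.
REPORT_HASHES = {
    "md5": "56f97661a171b446d89733cb499082e4",
    "sha1": "feb03f3d2a29d27b56685954fb6b4a253e3da87f",
    "sha256": "5c10afa23f689af55e3479480f13836b05f64dc2f3edf47b7084f297c5894539",
    "sha512": "21b4ceb6ab24477722ba1d214903755eb7fdc5dfe527d690072e56a4b0e308f99e861f13f0b4c7d78fb194a58d428713bce360cb23b853f7646d87c52711107b",
}

# Constructed stand-in for a payload blob: a fake header, the report's URL as
# an ASCII string, padding, and a made-up second URL stored as UTF-16LE so
# both encodings are exercised. This is not the real sample's layout.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"http://47.91.237.42:8443/blIF\x00"
    + b"\xcc" * 8
    + "https://example.invalid/update.exe".encode("utf-16le") + b"\x00\x00"
)

# Heuristic: http(s) scheme, host, optional port, optional path (ASCII only).
URL_RE = re.compile(r"https?://[0-9A-Za-z.\-]+(?::\d{1,5})?(?:/[0-9A-Za-z_\-./?=&%]*)?")


def extract_urls(blob: bytes) -> list:
    """Return URL-shaped strings found as ASCII or as UTF-16LE (either alignment)."""
    texts = [blob.decode("latin-1")]  # every byte maps to one char, so ASCII runs survive
    for off in (0, 1):
        texts.append(blob[off:].decode("utf-16le", errors="ignore"))
    urls = []
    for text in texts:
        for m in URL_RE.finditer(text):
            if m.group() not in urls:
                urls.append(m.group())
    return urls


def parse_ioc(url: str) -> dict:
    """Split a download URL into the fields a blocklist or network rule needs."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {"scheme": parts.scheme, "host": parts.hostname, "port": port,
            "path": parts.path or "/"}


def compute_hashes(data: bytes) -> dict:
    """Digests of `data` for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm True/False: does `data` hash to the report's values?"""
    actual = compute_hashes(data)
    return {name: actual[name] == expected[name] for name in expected}


if __name__ == "__main__":
    for url in extract_urls(SAMPLE_BLOB):
        print(parse_ioc(url))
    # All False: the constructed blob is not the analysed MSI.
    print(matches_report(SAMPLE_BLOB))
```

To check a real copy, read the MSI as bytes and pass it to matches_report; any False entry means the file on disk is not the one this report describes, and the extracted URL should not be trusted for it.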
Targets
Target: 5c10afa23f689af55e3479480f13836b05f64dc2f3edf47b7084f297c5894539
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service