General
-
Target
5b958499b0f7e27eda1e628f1122be0ea4ac505faa931e26f4ff39f6ce1c648e
-
Size
275KB
-
Sample
201114-p8d59fq5ax
-
MD5
24db12df9a2c5e70aa0f83eaaa2ef3ee
-
SHA1
224c8c0c0519c9891224fa28d990cd63c8e6e457
-
SHA256
5b958499b0f7e27eda1e628f1122be0ea4ac505faa931e26f4ff39f6ce1c648e
-
SHA512
673fbb054f353286118ebee7776237a4774647f75adbc3e91fb11d943249f16292603ee27fe084c7789475d0b1ebf4c1ddb70e6ccdc1b5ac00cfa0e1cce17995
Static task
static1
Behavioral task
behavioral1
Sample
5b958499b0f7e27eda1e628f1122be0ea4ac505faa931e26f4ff39f6ce1c648e.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
5b958499b0f7e27eda1e628f1122be0ea4ac505faa931e26f4ff39f6ce1c648e.exe
Resource
win10v20201028
Malware Config
Extracted
metasploit
windows/download_exec
http://144.48.9.115:443/YCiX
Targets
-
-
Target
5b958499b0f7e27eda1e628f1122be0ea4ac505faa931e26f4ff39f6ce1c648e
-
Size
275KB
-
MD5
24db12df9a2c5e70aa0f83eaaa2ef3ee
-
SHA1
224c8c0c0519c9891224fa28d990cd63c8e6e457
-
SHA256
5b958499b0f7e27eda1e628f1122be0ea4ac505faa931e26f4ff39f6ce1c648e
-
SHA512
673fbb054f353286118ebee7776237a4774647f75adbc3e91fb11d943249f16292603ee27fe084c7789475d0b1ebf4c1ddb70e6ccdc1b5ac00cfa0e1cce17995
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-