General
Target: 9fb70c001307ee5f60eff1a9d9f5903ef909ddde5526cbe85a143d2fa6f51015.exe
Size: 199KB
Sample: 201229-k6b7k5a56n
MD5: 5b5e120a4cf6fd359750b10a3afe5dd1
SHA1: d54e0bb8305f468797fd03f22d64edef03fd65f3
SHA256: 9fb70c001307ee5f60eff1a9d9f5903ef909ddde5526cbe85a143d2fa6f51015
SHA512: a4e87629cb12aec6b7d280877210c241e5d9c129b099473ad3c54f2ba0ef6686d940ce8ffb9d65d2b5980e4a2441c87511d61b8fa600f63c26146b0739c6eb46
Static task: static1
Behavioral task: behavioral1 (sample 9fb70c001307ee5f60eff1a9d9f5903ef909ddde5526cbe85a143d2fa6f51015.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample 9fb70c001307ee5f60eff1a9d9f5903ef909ddde5526cbe85a143d2fa6f51015.exe, resource win10v20201028)
Malware Config
Extracted: metasploit
Payload: windows/reverse_http
Handler URL: http://thedonald.win:443/t6pNyjKhMouuSa9I8aNlOQxTWalk1ZSCWvqscRqnGo-36PO2VBgdduQJebUNp8cgFO03Hha7yXrD9Q8hF5KFjWFydleor9rJO_IdHjJYnwDz3V3CD1ZzbMGMIRgBfd4oD91ekmuH9O36BFxS-ApQa4m-JXlszaAFF92RuNpJlwnOZQaIE
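The handler URL above is more than an IOC. Metasploit's HTTP stager encodes bookkeeping in the URI that the handler dispatches on and that an analyst can verify offline: after stripping the path to base64url characters, its 8-bit checksum (byte sum mod 256) selects the request type (92 is a Windows/native stager asking for its stage, 80 Python, 88 Java, 98 traffic for an existing session, 95 a new stageless session), and the first 22 characters base64url-decode to a 16-byte payload UUID carrying an 8-byte payload id, XOR-masked platform and architecture ids, and a masked generation timestamp. Note also that the config names the plaintext `windows/reverse_http` stager pointed at port 443, so the exchange is readable by any proxy or IDS on the path. The script below is an added example, not part of this report or of Metasploit itself; it re-implements the checks from Metasploit's `Rex::Payloads::Meterpreter::UriChecksum` and `Msf::Payload::UUID` in Python and runs them on the URL from this report. The function names are my own, and the platform/architecture lookup tables are a subset of Metasploit's.

```python
"""Classify a Metasploit reverse_http(s) stager URI by its 8-bit checksum and
decode the payload UUID embedded at the start of the path.
Added example mirroring Rex::Payloads::Meterpreter::UriChecksum and
Msf::Payload::UUID; it is not Metasploit code."""
import base64
import datetime
import re
from urllib.parse import urlparse

# Handler URL recovered from this sample's extracted config (from the report above)
SAMPLE_URL = ("http://thedonald.win:443/t6pNyjKhMouuSa9I8aNlOQxTWalk1ZSCWvqscRqnGo-36PO2VBgdduQJebUNp8cg"
              "FO03Hha7yXrD9Q8hF5KFjWFydleor9rJO_IdHjJYnwDz3V3CD1ZzbMGMIRgBfd4oD91ekmuH9O36BFxS-ApQa4m-"
              "JXlszaAFF92RuNpJlwnOZQaIE")

# 8-bit URI checksums the Metasploit HTTP handler dispatches on
URI_CHECKSUMS = {
    92: "INITW/INITN (windows/native stager requesting its stage)",
    80: "INITP (python stager)",
    88: "INITJ (java stager)",
    98: "CONN (existing session traffic)",
    95: "INIT_CONN (new stageless session)",
}
UUID_MIN_LEN = 22  # 16 raw bytes -> 22 base64url characters

# Subset of Metasploit's platform / architecture id tables
PLATFORMS = {1: "windows", 3: "android", 4: "java", 6: "linux", 9: "osx", 21: "python"}
ARCHS = {1: "x86", 2: "x64", 3: "x64", 12: "armle", 17: "java", 20: "python", 24: "aarch64"}

B64URL_JUNK = re.compile(r"[^A-Za-z0-9_\-]")


def uri_checksum8(uri_path: str) -> int:
    """Byte sum mod 256 of the path after dropping every non-base64url character
    (the handler's process_uri_resource does the same before Rex::Text.checksum8)."""
    bare = B64URL_JUNK.sub("", uri_path)
    return sum(bare.encode("ascii")) % 0x100


def parse_uuid(uri_path: str) -> dict:
    """Decode the 16-byte payload UUID: 8-byte puid, two XOR keys, XOR-masked
    platform and arch ids, then a big-endian timestamp masked with a key
    built from the two XOR bytes (plat, arch, plat, arch)."""
    bare = B64URL_JUNK.sub("", uri_path)
    if len(bare) < UUID_MIN_LEN:
        return {}
    b64 = bare[:UUID_MIN_LEN]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))[:16]
    puid = raw[:8]
    plat_xor, arch_xor, plat, arch = raw[8], raw[9], raw[10], raw[11]
    ts_xor = (plat_xor << 24) | (arch_xor << 16) | (plat_xor << 8) | arch_xor
    ts = int.from_bytes(raw[12:16], "big") ^ ts_xor
    plat_id, arch_id = plat_xor ^ plat, arch_xor ^ arch
    return {
        "puid": puid.hex(),
        "platform": PLATFORMS.get(plat_id, f"unknown({plat_id})"),
        "arch": ARCHS.get(arch_id, f"unknown({arch_id})"),
        "timestamp": ts,
        "generated_utc": datetime.datetime.fromtimestamp(
            ts, datetime.timezone.utc).isoformat(),
    }


def classify_url(url: str) -> dict:
    """Return the checksum verdict for a URL and, when it matches a Metasploit
    mode, the decoded UUID fields."""
    path = urlparse(url).path.lstrip("/")
    csum = uri_checksum8(path)
    result = {
        "path_len": len(path),
        "checksum8": csum,
        "mode": URI_CHECKSUMS.get(csum, "no Metasploit checksum match"),
    }
    if csum in URI_CHECKSUMS:
        result["uuid"] = parse_uuid(path)
    return result


if __name__ == "__main__":
    for key, value in classify_url(SAMPLE_URL).items():
        print(f"{key}: {value}")
```

For this sample the path checksum is 92 (INITW) and the UUID decodes to platform windows, arch x86, generated 2020-12-29 UTC, which agrees with the `windows/reverse_http` payload in the config and with the sample date in the id above. The check is cheap enough to run across proxy logs: a path whose checksum hits none of the five values is simply not a Metasploit stager request, and a hit with a decodable UUID is a strong signal even when the host name is new.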
Targets
Target: 9fb70c001307ee5f60eff1a9d9f5903ef909ddde5526cbe85a143d2fa6f51015.exe
Score: 10/10
Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateProcessExOtherParentProcess
- ServiceHost packer: Detects ServiceHost packer used for .NET malware
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext