General

Target: 4718076921937920.zip
Size: 1.7MB
Sample: 210202-zenqcbjlga
MD5: 4488d6b01c1825f92ac2e1bfdfb6fd79
SHA1: 4ad30952524d95b59bf74a779ff04fab6ed78b45
SHA256: 728d6c34e2f3ae5ab5f2ce4a73dc8231f8ad01fed0ce0c28c58185164a802833
SHA512: 829ab54501c098a0a20d4f44c339a2fb041004c14d4db50b7aa5a3f017d84a29a0179ae08d8c752e9b122811c0f0aaacb200ecddb878e19663550cc8a4cba081

Static task: static1

Behavioral task: behavioral1
Sample: 35cb971daafd368b71ad843a4e0b81c80225ec20d7679cfbf78e628ebcada542.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 35cb971daafd368b71ad843a4e0b81c80225ec20d7679cfbf78e628ebcada542.exe
Resource: win10v20201028

Malware Config

Extracted: metasploit
Payload: windows/download_exec
URL: http://dazqc4f140wtl.cloudfront.net:80/ZZYO

Targets

Target: 35cb971daafd368b71ad843a4e0b81c80225ec20d7679cfbf78e628ebcada542
Size: 1.7MB
MD5: 6f50e6df7619de17ea9c8ba397d0e674
SHA1: bc85589185fb3a6a73a404538366e6696b17daab
SHA256: 35cb971daafd368b71ad843a4e0b81c80225ec20d7679cfbf78e628ebcada542
SHA512: 2e2a0b51d13aaf8fdeeb7518dc9b4cdae4241ea7ae1ae4a4c21cd5f0da8adc07777227abb8412dfdbd7392bdb7e8c0e6fb10600bfff4662905ed1e6de18d6da4

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.

Sets DLL path for service in the registry

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

JavaScript code in executable