General
Target: testIP.dll
Size: 184KB
Sample: 210302-t3l14xccnx
MD5: 0b3058610be54d83bb8f45d776affba6
SHA1: 4f4cf4aacdd061ffd16a5bd3f21d10429e16ccb2
SHA256: d3007b759086f84695c154e6a10e862b6d4dc622f5ceb6da77adebf89d7cf455
SHA512: 559875a25919dac0c49e16e60c1b678f5426c11017736af288ab3ad1c6f84f4868f7cc19ebe7af370ea5f8bec64ccaf6c1e48eb2f31094f2b918d87366354cdc
Static task: static1
Behavioral task: behavioral1
Sample: testIP.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: testIP.dll
Resource: win10v20201028
Malware Config
Extracted
metasploit
windows/download_exec
http://66.42.113.186:80/files/templates.jpg
Headers:
Connection: close
User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)
Targets
Target: testIP.dll
Score: 10/10
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Blocklisted process makes network request