metasploit | Avast-Setup-v8[.]56[.]msi | Triage

Sharing

General

Target

Avast-Setup-v8.56.msi
Size

156KB
MD5

6d0aece3c6c497e5c95f5211391eeb5a
SHA1

27fe022501362ce3d8aad3d8d0ecf0b869580ba0
SHA256

9dc9fec6cfd0f7e565d2bcc58cc487f720d1b25bb650cb34431372d89c515fb5
SHA512

59e6e29a37d37e54ac1c75820f35fa5a4c0fccbe6a7962addd6e929bcd75e8e8465a5c6b59f28b22d14e54a76bc619440bbc5374265072b2bf9145cf100eb7f0

Score

10^/10

macro xlm metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

3.22.53.161:10939

Signatures

Metasploit family
metasploit
Suspicious Office macro 1 IoCs
Office document equipped with 4.0 macros.
macro xlm

Processes:

resource yara_rule

sample office_xlm_macros

Files

Avast-Setup-v8.56.msi
.msi