General
Target: 251345b721e0587f1f08f54a81e26abac075acf3c4473a2c3ba8efcedc3b2459
Size: 1.4MB
Sample: 220127-z2z3fsaehq
MD5: 4e26df05675bc0c86cdd2fc4e28484c1
SHA1: 0509fece80548d98396a7edbc3d91f08a3aac7b5
SHA256: 251345b721e0587f1f08f54a81e26abac075acf3c4473a2c3ba8efcedc3b2459
SHA512: 3abc0b73cad4345c9cd672529a3a84a50bd7a68f0c0a49fef4cafef0885cb3c963228f5b804bbb0198148d1d306a5e642bbb337c71164b8f12ef771dfcd2e653
Static task: static1

Behavioral task: behavioral1
Sample: 251345b721e0587f1f08f54a81e26abac075acf3c4473a2c3ba8efcedc3b2459.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: 251345b721e0587f1f08f54a81e26abac075acf3c4473a2c3ba8efcedc3b2459.exe
Resource: win10-en-20211208
Malware Config
Extracted family: metasploit
Payload: windows/download_exec
URL: http://dazqc4f140wtl.cloudfront.net:80/ZZYO
Targets
Target: 251345b721e0587f1f08f54a81e26abac075acf3c4473a2c3ba8efcedc3b2459
Size: 1.4MB
MD5: 4e26df05675bc0c86cdd2fc4e28484c1
SHA1: 0509fece80548d98396a7edbc3d91f08a3aac7b5
SHA256: 251345b721e0587f1f08f54a81e26abac075acf3c4473a2c3ba8efcedc3b2459
SHA512: 3abc0b73cad4345c9cd672529a3a84a50bd7a68f0c0a49fef4cafef0885cb3c963228f5b804bbb0198148d1d306a5e642bbb337c71164b8f12ef771dfcd2e653

Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Blocklisted process makes network request
- Sets DLL path for service in the registry
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.