General
- Target: 21f1a867fa6a418067be9c68d588e2eeba816bffcb10c9512f3b7927612a1221
- Size: 1.4MB
- Sample: 220127-z9v4gaagdq
- MD5: ecd5aec67bc2a5c473c388137da86be5
- SHA1: bc234b3dbb67ac5fef81f9ea631f2940522ced22
- SHA256: 21f1a867fa6a418067be9c68d588e2eeba816bffcb10c9512f3b7927612a1221
- SHA512: a1bf9c85234984da4a566dd75e90c8b566681f48976e264f1c9cd36d3cceb9039358532e38bbb61cc1b24d510ffb18798ea76f4e5afb734064c4a9158c58cbc3
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 21f1a867fa6a418067be9c68d588e2eeba816bffcb10c9512f3b7927612a1221.exe
  - Resource: win7-en-20211208
Behavioral task
- behavioral2
  - Sample: 21f1a867fa6a418067be9c68d588e2eeba816bffcb10c9512f3b7927612a1221.exe
  - Resource: win10-en-20211208
Malware Config
- Extracted: metasploit
  - windows/download_exec
  - http://dazqc4f140wtl.cloudfront.net:80/ZZYO
Targets
- Target: 21f1a867fa6a418067be9c68d588e2eeba816bffcb10c9512f3b7927612a1221
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Sets DLL path for service in the registry
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.