General
  Target: 2f5fb4e1072044149b32603860be0857227ed12cde223b5be787c10bcedbc51a
  Size: 1.4MB
  Sample: 220127-zf45aaabcj
  MD5: 0b760414449ce17229987e9d6ca4d889
  SHA1: 6316d311881728e982306ac088e29ff55e9c736b
  SHA256: 2f5fb4e1072044149b32603860be0857227ed12cde223b5be787c10bcedbc51a
  SHA512: 6347828f65eb091a0af8496aaa66c90d89ebf26a94a09db2f9f4ab768a3580b9a1bf60699f93ad35fb0004e99b37fd01c8a4604f42678fe3d1b3fecc0df0e58d

Tasks
  Static task: static1
  Behavioral task: behavioral1
    Sample: 2f5fb4e1072044149b32603860be0857227ed12cde223b5be787c10bcedbc51a.exe
    Resource: win7-en-20211208
  Behavioral task: behavioral2
    Sample: 2f5fb4e1072044149b32603860be0857227ed12cde223b5be787c10bcedbc51a.exe
    Resource: win10-en-20211208

Malware Config
  Extracted: metasploit
    Payload: windows/download_exec
    URL: http://dazqc4f140wtl.cloudfront.net:80/ZZYO

Targets
  Target: 2f5fb4e1072044149b32603860be0857227ed12cde223b5be787c10bcedbc51a
  Size, MD5, SHA1, SHA256, SHA512: as listed under General above
  Signatures:
    MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
    ACProtect 1.3x - 1.4x DLL software: The file is packed with the ACProtect protector.
    Sets DLL path for service in the registry
    Loads dropped DLL
    Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
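A hunting script for the indicators and behaviours this report lists, as an added example (it is not part of the sandbox report and not the sandbox's own output). The payload URL and SHA-256 are copied from the report above; the registry paths are the standard Windows locations behind the "Sets DLL path for service" and "Checks installed software" signatures, not values the report prints; the proxy log format, the registry-event dict layout, and every log line and event are constructed for illustration.

```python
"""Hunt for the IOCs and registry behaviours in the sandbox report.

Added example, not part of the report. PAYLOAD_URL and SAMPLE_SHA256 come
from the report; the registry key paths are the standard Windows locations
the two behavioural signatures refer to; all telemetry below is constructed.
"""
import hashlib
import re
from urllib.parse import urlsplit

# From the report: URL in the metasploit windows/download_exec config, sample hash.
PAYLOAD_URL = "http://dazqc4f140wtl.cloudfront.net:80/ZZYO"
SAMPLE_SHA256 = "2f5fb4e1072044149b32603860be0857227ed12cde223b5be787c10bcedbc51a"

# "Sets DLL path for service in the registry": the ServiceDll value under
# HKLM\SYSTEM\...\Services\<name>\Parameters is the DLL svchost will load.
SERVICEDLL_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+"
    r"\\Parameters\\ServiceDll$",
    re.IGNORECASE,
)
# "Checks installed software on the system": reads under the Uninstall key.
UNINSTALL_RE = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)


def payload_indicators(url=PAYLOAD_URL):
    """Split the download_exec URL into the pieces you block or search for.

    A d*.cloudfront.net hostname names one CloudFront distribution, so it is a
    usable indicator; the shared cloudfront.net apex is not.
    """
    parts = urlsplit(url)
    return {"host": parts.hostname, "port": parts.port or 80, "path": parts.path}


def proxy_hits(lines, url=PAYLOAD_URL):
    """Return (client, path) for each line that contacted the payload host.

    Assumed (constructed) log format: 'client host path', whitespace-separated.
    Matching on host rather than full URL also catches stagers that vary the path.
    """
    host = payload_indicators(url)["host"]
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines instead of aborting the hunt
        client, seen_host, path = fields[:3]
        if seen_host.lower() == host:
            hits.append((client, path))
    return hits


def registry_findings(events):
    """Flag the two registry behaviours from the report.

    events: dicts with 'op' ('SetValue', 'QueryValue', 'EnumerateKey', ...),
    'key' (full registry path) and 'image' (process performing the access).
    """
    findings = []
    for e in events:
        if e["op"] == "SetValue" and SERVICEDLL_RE.search(e["key"]):
            findings.append(("servicedll_set", e["image"], e["key"]))
        elif e["op"] in ("QueryValue", "EnumerateKey") and UNINSTALL_RE.search(e["key"]):
            findings.append(("uninstall_enum", e["image"], e["key"]))
    return findings


def is_reported_sample(data, expected=SAMPLE_SHA256):
    """Match on SHA-256: the report lists MD5 and SHA-1 too, but neither is
    collision resistant, so do not identify a file by them alone."""
    return hashlib.sha256(data).hexdigest() == expected


# Constructed telemetry (not from the sandbox run).
PROXY_LOG = [
    "10.0.0.15 dazqc4f140wtl.cloudfront.net /ZZYO",
    "10.0.0.22 d111111abcdef8.cloudfront.net /static/app.js",
    "10.0.0.15 dazqc4f140wtl.cloudfront.net /ZZYO?r=1",
    "garbage line",
]
REGISTRY_EVENTS = [
    {"op": "SetValue", "image": r"C:\Users\victim\sample.exe",
     "key": r"HKLM\System\CurrentControlSet\Services\evilsvc\Parameters\ServiceDll"},
    {"op": "SetValue", "image": r"C:\Windows\System32\services.exe",
     "key": r"HKLM\System\CurrentControlSet\Services\evilsvc\Start"},
    {"op": "EnumerateKey", "image": r"C:\Users\victim\sample.exe",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "QueryValue", "image": r"C:\Users\victim\sample.exe",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName"},
]

if __name__ == "__main__":
    print(payload_indicators())
    print(proxy_hits(PROXY_LOG))
    for finding in registry_findings(REGISTRY_EVENTS):
        print(*finding)
```

The ServiceDll rule fires only on writes, since legitimate services.exe and setup programs write other values under the same service key; the Uninstall rule fires on reads, which most endpoint sensors do not record, so in practice it is a sandbox-trace check rather than an EDR detection.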