General
-
Target
274717d4a4080a6f2448931832f9eeb91cc0cbe69ff65f2751a9ace86a76e670
-
Size
1.4MB
-
Sample
220127-zx8tssaeel
-
MD5
dabee869ba028b31cd18400466798169
-
SHA1
a8936af9d8f5577d0be83cf224cae4bd6d323b7e
-
SHA256
274717d4a4080a6f2448931832f9eeb91cc0cbe69ff65f2751a9ace86a76e670
-
SHA512
bf18449aceb3fcacc10bca14ff995b9958feac332e8cd2e0ccf7bfa7ce5a0aa7a7cdc9ddcd3da3eacf20b6a9e7ff86ea597947307c1bc73d81b5e3a34e158d6e
Malware Config
Extracted
metasploit
windows/download_exec
http://dazqc4f140wtl.cloudfront.net:80/ZZYO
Targets
-
-
Target
274717d4a4080a6f2448931832f9eeb91cc0cbe69ff65f2751a9ace86a76e670
-
Size
1.4MB
-
MD5
dabee869ba028b31cd18400466798169
-
SHA1
a8936af9d8f5577d0be83cf224cae4bd6d323b7e
-
SHA256
274717d4a4080a6f2448931832f9eeb91cc0cbe69ff65f2751a9ace86a76e670
-
SHA512
bf18449aceb3fcacc10bca14ff995b9958feac332e8cd2e0ccf7bfa7ce5a0aa7a7cdc9ddcd3da3eacf20b6a9e7ff86ea597947307c1bc73d81b5e3a34e158d6e
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Sets DLL path for service in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-