General

Target: 274717d4a4080a6f2448931832f9eeb91cc0cbe69ff65f2751a9ace86a76e670
Size: 1.4MB
Sample: 220127-zx8tssaeel
MD5: dabee869ba028b31cd18400466798169
SHA1: a8936af9d8f5577d0be83cf224cae4bd6d323b7e
SHA256: 274717d4a4080a6f2448931832f9eeb91cc0cbe69ff65f2751a9ace86a76e670
SHA512: bf18449aceb3fcacc10bca14ff995b9958feac332e8cd2e0ccf7bfa7ce5a0aa7a7cdc9ddcd3da3eacf20b6a9e7ff86ea597947307c1bc73d81b5e3a34e158d6e

Static task: static1

Behavioral task: behavioral1
Sample: 274717d4a4080a6f2448931832f9eeb91cc0cbe69ff65f2751a9ace86a76e670.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: 274717d4a4080a6f2448931832f9eeb91cc0cbe69ff65f2751a9ace86a76e670.exe
Resource: win10-en-20211208

Malware Config
Extracted
metasploit
windows/download_exec
http://dazqc4f140wtl.cloudfront.net:80/ZZYO
Targets
Target
274717d4a4080a6f2448931832f9eeb91cc0cbe69ff65f2751a9ace86a76e670

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.

Sets DLL path for service in the registry

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.