General
-
Target
0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee
-
Size
1.4MB
-
Sample
220128-bdws5adddp
-
MD5
a02eed32b2a7d07c188e0e445604df8c
-
SHA1
73e197341b2745df805c2149a2123712c5bfcac9
-
SHA256
0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee
-
SHA512
d3d11b409eb35544a27df31fb8411c61ffbc73a95052077e0acea5e33cb11db47ffceae0fe16e37fd0d34e3034e90363d3a8992b5225ec1e9ee452d202324b4c
Static task
static1
Behavioral task
behavioral1
Sample
0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
Resource
win10-en-20211208
Malware Config
Extracted
metasploit
windows/download_exec
http://dazqc4f140wtl.cloudfront.net:80/ZZYO
Targets
-
-
Target
0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee
-
Size
1.4MB
-
MD5
a02eed32b2a7d07c188e0e445604df8c
-
SHA1
73e197341b2745df805c2149a2123712c5bfcac9
-
SHA256
0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee
-
SHA512
d3d11b409eb35544a27df31fb8411c61ffbc73a95052077e0acea5e33cb11db47ffceae0fe16e37fd0d34e3034e90363d3a8992b5225ec1e9ee452d202324b4c
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Sets DLL path for service in the registry
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-