General
Target: 042efe5c5226dd19361fb832bdd29267276d7fa7a23eca5ced3c2bb7b4d30f7d
Size: 1.4MB
Sample: 220128-bx5kdaeeb3
MD5: ef97e5527218a20de75c24f391a586c1
SHA1: 9f6a59fa9ee5ac3bca31bc896a01ddc3dcb76391
SHA256: 042efe5c5226dd19361fb832bdd29267276d7fa7a23eca5ced3c2bb7b4d30f7d
SHA512: acaeba613c806367465e094310998e17eeea14e963176328879577115bb716644ddb44e282161a6d3d11a2c4b278fddd6af1b10f30ae3feb976ac35c8e1aef2a
Static task: static1
Behavioral task: behavioral1
Sample: 042efe5c5226dd19361fb832bdd29267276d7fa7a23eca5ced3c2bb7b4d30f7d.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 042efe5c5226dd19361fb832bdd29267276d7fa7a23eca5ced3c2bb7b4d30f7d.exe
Resource: win10-en-20211208
Malware Config
Extracted
metasploit
windows/download_exec
http://dazqc4f140wtl.cloudfront.net:80/ZZYO
Targets
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Sets DLL path for service in the registry
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-