General
-
Target
28fd3a1d9087d7b103b7f6cfca002798b6365fe6ebcc66fa02dbb4a9e6378e71
-
Size
365KB
-
Sample
220516-x374cadcb3
-
MD5
c4e9fc349d5c8b24c0ddb1533de2c16b
-
SHA1
147e938bd06709b3c20eea4ac461093d573be037
-
SHA256
28fd3a1d9087d7b103b7f6cfca002798b6365fe6ebcc66fa02dbb4a9e6378e71
-
SHA512
fd0cf6f434e665aabc91f6095394a08483990c12a0b6ad3a1bd820b740af0ddbc02bc0a2592be429c7488b3cd2889afad8f758b4258009dfe51e9faac76842be
Static task
static1
Behavioral task
behavioral1
Sample
28fd3a1d9087d7b103b7f6cfca002798b6365fe6ebcc66fa02dbb4a9e6378e71.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
28fd3a1d9087d7b103b7f6cfca002798b6365fe6ebcc66fa02dbb4a9e6378e71.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
-
Target
28fd3a1d9087d7b103b7f6cfca002798b6365fe6ebcc66fa02dbb4a9e6378e71
-
Size
365KB
-
MD5
c4e9fc349d5c8b24c0ddb1533de2c16b
-
SHA1
147e938bd06709b3c20eea4ac461093d573be037
-
SHA256
28fd3a1d9087d7b103b7f6cfca002798b6365fe6ebcc66fa02dbb4a9e6378e71
-
SHA512
fd0cf6f434e665aabc91f6095394a08483990c12a0b6ad3a1bd820b740af0ddbc02bc0a2592be429c7488b3cd2889afad8f758b4258009dfe51e9faac76842be
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-