General
-
Target
fb6e630be6338a0eddec9b6c000ae5e874f7e465b1d7385923939da803b17036
-
Size
84KB
-
Sample
220520-dsr5lafca8
-
MD5
c5ad0421f91222c171c271f87c6061f5
-
SHA1
519587e403dafb85f33f8490f64d6d6e6d035bb2
-
SHA256
fb6e630be6338a0eddec9b6c000ae5e874f7e465b1d7385923939da803b17036
-
SHA512
6e4bb50c2107965b2e0ab6defd7b78e808c1bf1a3b999f868c98e1ee20ca9c29687aa398b38a3ab37051dc1f570e995e7654208ad7cfe0e2af8d882e998f1010
Static task
static1
Behavioral task
behavioral1
Sample
fb6e630be6338a0eddec9b6c000ae5e874f7e465b1d7385923939da803b17036.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
fb6e630be6338a0eddec9b6c000ae5e874f7e465b1d7385923939da803b17036.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
windows/reverse_http
http://167.99.73.143:443/bgZP3X5UOnyPy47K0TMZLgqHarw2HV1Mi8x3WHXvunSTGmXe_NTMPb6-DnzwTFdUgSBn2UFjaet13vLREqp_PvHS3znEqaZOh2BARrqe2tSeR0-EYqUTqWgHFcPuDMO3EdNL-c5Ey5yRS4lHCzs9ZXyItJfYWMVNTvb51gjivgbGhj-Ew8gltksOVljKht7u
Targets
-
-
Target
fb6e630be6338a0eddec9b6c000ae5e874f7e465b1d7385923939da803b17036
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-