General
-
Target
1138c002a361e5d7b6d39a02956689f3714864a27ae70a7064f8871204a47ed2
-
Size
738KB
-
Sample
220604-jpz9pahhdp
-
MD5
e933c74427cf653ac6e4cf3d0dd89b94
-
SHA1
585b3e89b1e16b58497112ee5c7c75c9b601777d
-
SHA256
1138c002a361e5d7b6d39a02956689f3714864a27ae70a7064f8871204a47ed2
-
SHA512
952db528eaa6b1e88cd086062f66583c85d70b98a184d8ae26130f2b4be70db42b5a476b447078ddef174f7af9ee040edab8acef03310ff4e3a8426a89669dab
Static task
static1
Behavioral task
behavioral1
Sample
1138c002a361e5d7b6d39a02956689f3714864a27ae70a7064f8871204a47ed2.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1138c002a361e5d7b6d39a02956689f3714864a27ae70a7064f8871204a47ed2.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
1138c002a361e5d7b6d39a02956689f3714864a27ae70a7064f8871204a47ed2
-
Size
738KB
-
MD5
e933c74427cf653ac6e4cf3d0dd89b94
-
SHA1
585b3e89b1e16b58497112ee5c7c75c9b601777d
-
SHA256
1138c002a361e5d7b6d39a02956689f3714864a27ae70a7064f8871204a47ed2
-
SHA512
952db528eaa6b1e88cd086062f66583c85d70b98a184d8ae26130f2b4be70db42b5a476b447078ddef174f7af9ee040edab8acef03310ff4e3a8426a89669dab
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-