General
-
Target
112626c80723081de153623493adad8068d5b27497edf13dab5ed905bc3368e8
-
Size
48KB
-
Sample
220604-krn5wacagj
-
MD5
3a59d45ff99888ef3eda7595c10e295a
-
SHA1
2e41ca17e9549244d314fd287aeb159748d261f7
-
SHA256
112626c80723081de153623493adad8068d5b27497edf13dab5ed905bc3368e8
-
SHA512
890fb4cc5c73b84f52a2b3f1fc125200a5e1eee4aec39739814e923ad53f7c5397d0655a30a87d3b990482fae27930389d9663d9121e7b2008bd691ee8f18d92
Static task
static1
Behavioral task
behavioral1
Sample
112626c80723081de153623493adad8068d5b27497edf13dab5ed905bc3368e8.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
112626c80723081de153623493adad8068d5b27497edf13dab5ed905bc3368e8.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
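The extracted config names Metasploit's x86/call4_dword_xor encoder. Its decoder stub is a short fixed byte sequence (call $+4 to get an address into esi, then xor [esi+0x0e] with a static dword key and advance four bytes per loop iteration), so the stub itself is the detection signature and the key sits inline in it. The script below is an added example, not code from this report or from Metasploit: it searches a buffer for the stub bytes as I read them from the encoder source, pulls out the key, recovers the loop count from the ecx-setting instruction that precedes the stub, and XOR-decodes the payload. The stub layout, the three ecx-setting forms handled, and the sample blob are assumptions/constructed input, and the toy encoder uses a plain `mov ecx, imm32` that msfvenom would normally avoid because of the NUL bytes.

```python
import re
import struct

# Fixed decoder-stub bytes of Metasploit's x86/call4_dword_xor encoder
# (assumption: taken from my reading of the encoder source; the ecx setter
# emitted before the call varies with bad characters and is not matched here).
STUB_HEAD = b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"  # call $+4; inc eax; pop esi; xor [esi+0xe], imm32
STUB_TAIL = b"\x83\xee\xfc\xe2\xf4"                      # sub esi, -4; loop
STUB_RE = re.compile(re.escape(STUB_HEAD) + b"(.{4})" + re.escape(STUB_TAIL), re.DOTALL)


def find_call4_stub(data: bytes):
    """Return (stub_offset, xor_key, payload_offset) or None if no stub is present."""
    m = STUB_RE.search(data)
    if not m:
        return None
    key = struct.unpack("<I", m.group(1))[0]
    return m.start(), key, m.end()


def _block_count_before(data: bytes, stub_off: int):
    """Recover the dword count loaded into ecx right before the stub.

    Assumption: one of `mov ecx, imm32` (b9 ..), `mov cx, imm16` (66 b9 ..)
    or `push imm8; pop ecx` (6a .. 59). Other bad-char-avoiding forms yield None.
    """
    pre = data[max(0, stub_off - 5):stub_off]
    if len(pre) >= 5 and pre[-5] == 0xB9:
        return struct.unpack("<I", pre[-4:])[0]
    if len(pre) >= 4 and pre[-4:-2] == b"\x66\xb9":
        return struct.unpack("<H", pre[-2:])[0]
    if len(pre) >= 3 and pre[-3] == 0x6A and pre[-1] == 0x59:
        return pre[-2]
    return None


def decode_call4_dword_xor(data: bytes):
    """Locate the stub and XOR-decode the dwords that follow it, as the stub would at run time."""
    hit = find_call4_stub(data)
    if hit is None:
        return None
    stub_off, key, start = hit
    enc = data[start:]
    n = _block_count_before(data, stub_off)
    if n is not None:
        enc = enc[:n * 4]               # the stub only touches `n` dwords
    enc += b"\x00" * ((-len(enc)) % 4)  # pad a trailing partial dword
    out = bytearray()
    for i in range(0, len(enc), 4):
        (v,) = struct.unpack("<I", enc[i:i + 4])
        out += struct.pack("<I", v ^ key)
    return bytes(out)


def encode_call4_dword_xor(payload: bytes, key: int) -> bytes:
    """Toy re-implementation of the encoder, used here only to build test input."""
    padded = payload + b"\x00" * ((-len(payload)) % 4)
    nblocks = len(padded) // 4
    enc = b"".join(
        struct.pack("<I", struct.unpack("<I", padded[i:i + 4])[0] ^ key)
        for i in range(0, len(padded), 4))
    set_ecx = b"\x31\xc9\xb9" + struct.pack("<I", nblocks)  # xor ecx, ecx; mov ecx, imm32
    return set_ecx + STUB_HEAD + struct.pack("<I", key) + STUB_TAIL + enc


# Constructed sample: a stand-in "payload" (nops, int3, ret) wrapped in the stub,
# with unrelated bytes on either side to show the search is offset-independent.
SAMPLE_PAYLOAD = b"\x90\x90\x90\x90\xcc\xc3"
SAMPLE_KEY = 0xDEADBEEF
SAMPLE_BLOB = b"\x4d\x5a" + encode_call4_dword_xor(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"\x00\x00"

if __name__ == "__main__":
    hit = find_call4_stub(SAMPLE_BLOB)
    print("stub at", hit[0], "key", hex(hit[1]))
    print("decoded:", decode_call4_dword_xor(SAMPLE_BLOB).hex())
```

Because the key is static and the stub bytes never change, the same search applies to a dumped process region or a raw .exe section; a hit plus a successful decode of the following bytes is a strong indicator on its own, independent of what the decoded payload turns out to be.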
Targets
-
Target
112626c80723081de153623493adad8068d5b27497edf13dab5ed905bc3368e8
-
Size
48KB
-
MD5
3a59d45ff99888ef3eda7595c10e295a
-
SHA1
2e41ca17e9549244d314fd287aeb159748d261f7
-
SHA256
112626c80723081de153623493adad8068d5b27497edf13dab5ed905bc3368e8
-
SHA512
890fb4cc5c73b84f52a2b3f1fc125200a5e1eee4aec39739814e923ad53f7c5397d0655a30a87d3b990482fae27930389d9663d9121e7b2008bd691ee8f18d92
Score
10/10
-
MetaSploit
Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-