General
-
Target
23s
-
Size
71KB
-
Sample
220611-tpyqzaffak
-
MD5
e79d48bc650a2e1bd36d73f438826b8d
-
SHA1
191e1644ca6b40fd8469d8013e4f931ac9877c18
-
SHA256
5f3916cde8f3852fc370be7442e668f31a0d676f2ae912f88042481f972cc26a
-
SHA512
7451442c8ff56ce0124efe429afbba480c71e56247f5cbebe83a0aa7107e9e3c3f68e891dfa928d1fc47be8c5fd715f59ebd252cf4d3d06f1eb471f6d422948d
Malware Config
Extracted
metasploit
metasploit_stager
51.75.89.111:50438
Targets
-
-
Target
23s
-
Size
71KB
-
MD5
e79d48bc650a2e1bd36d73f438826b8d
-
SHA1
191e1644ca6b40fd8469d8013e4f931ac9877c18
-
SHA256
5f3916cde8f3852fc370be7442e668f31a0d676f2ae912f88042481f972cc26a
-
SHA512
7451442c8ff56ce0124efe429afbba480c71e56247f5cbebe83a0aa7107e9e3c3f68e891dfa928d1fc47be8c5fd715f59ebd252cf4d3d06f1eb471f6d422948d
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)
suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)
-
mimikatz is an open source tool to dump credentials on Windows
-