General
-
Target
25aae09e0b4117e7f5ab81b54d8800e029e55253a089e74002f2e00934ccb945
-
Size
143KB
-
Sample
220611-w1pcsabdck
-
MD5
88ae0425866fbbdd68c640cdaac784b7
-
SHA1
a375d487c7c199afe7aba81c8b57727354d54265
-
SHA256
25aae09e0b4117e7f5ab81b54d8800e029e55253a089e74002f2e00934ccb945
-
SHA512
ceb59b6bf7b41de9378d6c1ec0c4b59d150c10641364c0ca21a6338e8fe4df49d48db9f9b54c730a4f56fb6509205c9455d8bd5f7f3a0bdf9300fb8be59a2a24
Static task
static1
Behavioral task
behavioral1
Sample
25aae09e0b4117e7f5ab81b54d8800e029e55253a089e74002f2e00934ccb945.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
25aae09e0b4117e7f5ab81b54d8800e029e55253a089e74002f2e00934ccb945.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
25aae09e0b4117e7f5ab81b54d8800e029e55253a089e74002f2e00934ccb945
-
Size
143KB
-
MD5
88ae0425866fbbdd68c640cdaac784b7
-
SHA1
a375d487c7c199afe7aba81c8b57727354d54265
-
SHA256
25aae09e0b4117e7f5ab81b54d8800e029e55253a089e74002f2e00934ccb945
-
SHA512
ceb59b6bf7b41de9378d6c1ec0c4b59d150c10641364c0ca21a6338e8fe4df49d48db9f9b54c730a4f56fb6509205c9455d8bd5f7f3a0bdf9300fb8be59a2a24
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-