General
-
Target
33ee7ae472e679c8f3b53370f9eba8fa58c923ec1831525f56524fc9963353a9
-
Size
8.5MB
-
Sample
220619-3kte5afhfm
-
MD5
ee535a8ea4f5a528203b7fed911f0cdd
-
SHA1
5cf4a8b0b3acab1f68df9792677a4dbd4da8dca2
-
SHA256
33ee7ae472e679c8f3b53370f9eba8fa58c923ec1831525f56524fc9963353a9
-
SHA512
e47f3a0622977eec135c3750838aa38c1ea40d7df372cebd56b19f1297fb7dd3d0beb6ddbe6cfdd54bd8d2b02ecd40081608e93f124dc6456c48679306f0a8ce
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_winhttp
https://213.186.35.153:8080/Q1NSuetz0_jexd_EgquNYw_WOENe-eLtpUPsAQJFSgu
Targets
-
-
Target
33ee7ae472e679c8f3b53370f9eba8fa58c923ec1831525f56524fc9963353a9
-
Size
8.5MB
-
MD5
ee535a8ea4f5a528203b7fed911f0cdd
-
SHA1
5cf4a8b0b3acab1f68df9792677a4dbd4da8dca2
-
SHA256
33ee7ae472e679c8f3b53370f9eba8fa58c923ec1831525f56524fc9963353a9
-
SHA512
e47f3a0622977eec135c3750838aa38c1ea40d7df372cebd56b19f1297fb7dd3d0beb6ddbe6cfdd54bd8d2b02ecd40081608e93f124dc6456c48679306f0a8ce
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-