General
-
Target
31ce0d989e9f3e077c9bfc6860aed53986e32826b383cdaa4122780d7c04f808
-
Size
142KB
-
Sample
220620-wg8mbaghbl
-
MD5
b7920415a12a7db60121cecf1682c1bd
-
SHA1
d2c4bc48ae40d0479020bc91f8135d14d0deca57
-
SHA256
31ce0d989e9f3e077c9bfc6860aed53986e32826b383cdaa4122780d7c04f808
-
SHA512
1a8930fc137a61decef7a2e3df3e6b477309278a6dae5b14b83d565873456d9987a57613bfa0c3a7a6bc05341207a376b0ffce344cf29db12f3aa385f6635de1
Static task
static1
Behavioral task
behavioral1
Sample
31ce0d989e9f3e077c9bfc6860aed53986e32826b383cdaa4122780d7c04f808.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
31ce0d989e9f3e077c9bfc6860aed53986e32826b383cdaa4122780d7c04f808.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
31ce0d989e9f3e077c9bfc6860aed53986e32826b383cdaa4122780d7c04f808
-
Size
142KB
-
MD5
b7920415a12a7db60121cecf1682c1bd
-
SHA1
d2c4bc48ae40d0479020bc91f8135d14d0deca57
-
SHA256
31ce0d989e9f3e077c9bfc6860aed53986e32826b383cdaa4122780d7c04f808
-
SHA512
1a8930fc137a61decef7a2e3df3e6b477309278a6dae5b14b83d565873456d9987a57613bfa0c3a7a6bc05341207a376b0ffce344cf29db12f3aa385f6635de1
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-