General

Target: 31c52fec2654717cb5b0d04c9fce32b41229af3e13d0507e2518e798f089b6df
Size: 146KB
Sample: 220620-wl52zshbaj
MD5: 9cc162dc30cd17eaf8efede2ebcc0c8c
SHA1: b267c9a8c78b0a601931538ac0f805186b9fee92
SHA256: 31c52fec2654717cb5b0d04c9fce32b41229af3e13d0507e2518e798f089b6df
SHA512: 07f9c6ada30256048d1fa7b71dc1f44fa3678cf23371f7a90a8a91d8457aa10c8b40aaa316d5705c5620e6650f3dd9faf65d17caaa7cd19dc61ee6e45023f210
Static task: static1

Behavioral task: behavioral1
Sample: 31c52fec2654717cb5b0d04c9fce32b41229af3e13d0507e2518e798f089b6df.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 31c52fec2654717cb5b0d04c9fce32b41229af3e13d0507e2518e798f089b6df.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: metasploit (encoder/call4_dword_xor)
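The extracted config names the payload encoder as Metasploit's x86/call4_dword_xor. As an added example (not code from this report or from the Metasploit project), the Python below reconstructs the decoder stub layout of that encoder from the public module, scans a buffer for the stub, reads the dword count and the 32-bit key out of the stub's immediates, and XOR-decodes the body that follows it. Assumptions: the 24-byte stub layout and the offsets given in the comments; build_encoded is a constructed fixture standing in for msfvenom output; the "payload" bytes used are placeholder ASCII, not shellcode.

```python
import re
import struct

# Decoder stub of x86/call4_dword_xor as reconstructed from the public Metasploit
# module (assumption: 24 bytes, immediates at fixed offsets):
#   31 c9                 xor  ecx, ecx
#   83 e9 NN              sub  ecx, -n            ; n = dwords to decode
#   e8 ff ff ff ff        call $+4               ; returns onto its own last 0xff byte,
#      (ff) c0            inc  eax               ; which executes as "ff c0"
#   5e                    pop  esi               ; esi = address right after the call
#   81 76 0e KK KK KK KK  xor  dword [esi+0x0e], key   ; esi+0x0e = start of encoded body
#   83 ee fc              sub  esi, -4
#   e2 f4                 loop (back to the xor)
PRE = b"\x31\xc9\x83\xe9"
MID = b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
TAIL = b"\x83\xee\xfc\xe2\xf4"
COUNT_OFF, KEY_OFF, STUB_LEN = 4, 15, 24

# Matches the stub anywhere in a buffer, with any count byte and any key.
STUB_RE = re.compile(
    re.escape(PRE) + b"." + re.escape(MID) + b".{4}" + re.escape(TAIL), re.DOTALL
)


def xor_dwords(data: bytes, key: int) -> bytes:
    """XOR every little-endian dword of data with the same 32-bit key."""
    if len(data) % 4:
        raise ValueError("body must be dword-aligned")
    return b"".join(struct.pack("<I", d ^ key) for (d,) in struct.iter_unpack("<I", data))


def build_encoded(payload: bytes, key: int) -> bytes:
    """Constructed encoder mirroring the stub (test fixture, not msfvenom output)."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    n = len(padded) // 4
    if not 1 <= n <= 128:
        raise ValueError("'sub ecx, imm8' only reaches 128 dwords")
    return PRE + struct.pack("<b", -n) + MID + struct.pack("<I", key) + TAIL + xor_dwords(padded, key)


def decode(blob: bytes, offset: int = 0):
    """Parse the stub at offset; return (key, dword_count, decoded_body)."""
    stub = blob[offset:offset + STUB_LEN]
    if (len(stub) != STUB_LEN or stub[:COUNT_OFF] != PRE
            or stub[COUNT_OFF + 1:KEY_OFF] != MID or stub[KEY_OFF + 4:] != TAIL):
        raise ValueError("no call4_dword_xor stub at offset %d" % offset)
    n = -struct.unpack_from("<b", stub, COUNT_OFF)[0]      # imm8 holds -n
    key = struct.unpack_from("<I", stub, KEY_OFF)[0]
    start = offset + STUB_LEN
    body = blob[start:start + 4 * n]
    if len(body) != 4 * n:
        raise ValueError("encoded body truncated")
    # The stub does not record the original length; trailing pad bytes are returned as-is.
    return key, n, xor_dwords(body, key)


def find_and_decode(buf: bytes):
    """Scan a buffer (e.g. a dumped section) for stubs and decode each hit."""
    return [(m.start(),) + decode(buf, m.start()) for m in STUB_RE.finditer(buf)]


if __name__ == "__main__":
    # Constructed input: NOP sled, encoded placeholder text, trailing int3 bytes.
    sample = build_encoded(b"constructed placeholder, not shellcode", 0x3A4B5C6D)
    for off, key, n, clear in find_and_decode(b"\x90" * 7 + sample + b"\xcc" * 3):
        print("stub at %#x, key %#010x, %d dwords: %r" % (off, key, n, clear))
```

Because the key is an immediate in the stub and the same key is applied to every dword, recovering it needs no execution: a 24-byte pattern match plus one struct.unpack is enough, which is also why this encoder contributes nothing against static detection once the stub itself is signatured.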
Targets

Target: 31c52fec2654717cb5b0d04c9fce32b41229af3e13d0507e2518e798f089b6df
Size: 146KB
MD5: 9cc162dc30cd17eaf8efede2ebcc0c8c
SHA1: b267c9a8c78b0a601931538ac0f805186b9fee92
SHA256: 31c52fec2654717cb5b0d04c9fce32b41229af3e13d0507e2518e798f089b6df
SHA512: 07f9c6ada30256048d1fa7b71dc1f44fa3678cf23371f7a90a8a91d8457aa10c8b40aaa316d5705c5620e6650f3dd9faf65d17caaa7cd19dc61ee6e45023f210
Score: 10/10

Signatures

- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext (an API commonly used to redirect a thread into injected code, as in process hollowing)
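The signature list above is a set of behaviours observed in the sandbox; to confirm the same sample on an endpoint you need them as conditions over your own telemetry. As an added example (not Triage's rule logic and not code from this report), the Python below maps three of the signatures to registry and file-write conditions and runs them over constructed Sysmon-like events. Assumptions: the registry paths and the System32 prefix are my own mapping of the signature names; the event dicts, process names and paths are constructed for the demonstration.

```python
import re

# Hypothetical conditions for three signatures from the report (assumption, not Triage's rules).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
FW_POLICY = re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.I)

# Constructed events shaped like Sysmon registry-set (ID 13) and file-create (ID 11) records.
EVENTS = [
    {"kind": "reg_set", "image": r"C:\Users\demo\AppData\Local\Temp\upd.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\demo\AppData\Local\Temp\upd.exe"},
    {"kind": "reg_set", "image": r"C:\Users\demo\AppData\Local\Temp\upd.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
     "details": "DWORD (0x00000000)"},
    {"kind": "file_create", "image": r"C:\Users\demo\AppData\Local\Temp\upd.exe",
     "target": r"C:\Windows\System32\svchost32.dll"},
    {"kind": "file_create", "image": r"C:\Program Files\Browser\browser.exe",
     "target": r"C:\Users\demo\Downloads\report.pdf"},
    {"kind": "reg_set", "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]


def tag_event(ev):
    """Return the report signature names this single event satisfies."""
    tags = []
    if ev["kind"] == "reg_set":
        if RUN_KEY.search(ev["target"]):
            tags.append("Adds Run key to start application")
        if FW_POLICY.search(ev["target"]):
            tags.append("Modifies firewall policy service")
    elif ev["kind"] == "file_create" and SYSTEM32.match(ev["target"]):
        tags.append("Drops file in System32 directory")
    return tags


def summarize(events):
    """Group hits by responsible process so one image accumulating several signatures stands out."""
    by_image = {}
    for ev in events:
        for tag in tag_event(ev):
            by_image.setdefault(ev["image"], set()).add(tag)
    return by_image


if __name__ == "__main__":
    for image, tags in summarize(EVENTS).items():
        print(image)
        for tag in sorted(tags):
            print("  -", tag)
```

Grouping by image is the useful part: a Run key write or a System32 drop on its own is routine for installers, while one process from a user-writable Temp path doing both and disabling the firewall profile matches the report's behaviour set.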