General
-
Target
2fb6e21a3ff9891c2cec0dd337d8e1a6eb861e5033c564c8c20eacb3c00cb319
-
Size
80KB
-
Sample
220621-xzm9rsaggk
-
MD5
607575be3135d1b617a5b2dddb884b19
-
SHA1
ac5ba76759290781374b7cb3007abec289ff12a0
-
SHA256
2fb6e21a3ff9891c2cec0dd337d8e1a6eb861e5033c564c8c20eacb3c00cb319
-
SHA512
deabfb343e9f4dc18344ff2a7a2db0c778e0e41b5cf269b1a2cb52ac3146d7fe60cb33bccbe89b248fda78ed67ebc0eef89b53f990484856a6587c60a82a3046
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
2fb6e21a3ff9891c2cec0dd337d8e1a6eb861e5033c564c8c20eacb3c00cb319
-
Size
80KB
-
MD5
607575be3135d1b617a5b2dddb884b19
-
SHA1
ac5ba76759290781374b7cb3007abec289ff12a0
-
SHA256
2fb6e21a3ff9891c2cec0dd337d8e1a6eb861e5033c564c8c20eacb3c00cb319
-
SHA512
deabfb343e9f4dc18344ff2a7a2db0c778e0e41b5cf269b1a2cb52ac3146d7fe60cb33bccbe89b248fda78ed67ebc0eef89b53f990484856a6587c60a82a3046
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
suricata: ET MALWARE IRC Nick change on non-standard port
suricata: ET MALWARE IRC Nick change on non-standard port
-
suricata: ET MALWARE Likely Bot Nick in IRC (USA +..)
suricata: ET MALWARE Likely Bot Nick in IRC (USA +..)
-
Adds policy Run key to start application
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-