General
-
Target
cd0415bdbb08803ac6cdc8243618bd5b70403c3f107abd7be1b5d1a9bd9c7a80
-
Size
6.0MB
-
Sample
220703-f3fknagfan
-
MD5
3cc4678d3265f53a87f44f77d2ae529e
-
SHA1
4482f39c73fc40e05d0356a952b9e0d4122ab996
-
SHA256
cd0415bdbb08803ac6cdc8243618bd5b70403c3f107abd7be1b5d1a9bd9c7a80
-
SHA512
20966d8ed2235681ac661f0e7e088bd7183962421a7a02dec8542f85aa5302269f24827868d8ef93e9e22e4be0a1b0782249e3e591fcd06a563c13b39a686170
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
cd0415bdbb08803ac6cdc8243618bd5b70403c3f107abd7be1b5d1a9bd9c7a80
-
Size
6.0MB
-
MD5
3cc4678d3265f53a87f44f77d2ae529e
-
SHA1
4482f39c73fc40e05d0356a952b9e0d4122ab996
-
SHA256
cd0415bdbb08803ac6cdc8243618bd5b70403c3f107abd7be1b5d1a9bd9c7a80
-
SHA512
20966d8ed2235681ac661f0e7e088bd7183962421a7a02dec8542f85aa5302269f24827868d8ef93e9e22e4be0a1b0782249e3e591fcd06a563c13b39a686170
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-