General
-
Target
3c4e2b752f1f9976b4638a60cc606d4db88e4326cebaa99ef41df6bbdbc31f1a
-
Size
196KB
-
Sample
220703-jspx5abbdj
-
MD5
f9e95ae291c9d014bf6d7c035038c665
-
SHA1
2d5ce01b255c567489c218bd5cc72aa3a966fcd9
-
SHA256
3c4e2b752f1f9976b4638a60cc606d4db88e4326cebaa99ef41df6bbdbc31f1a
-
SHA512
f44d95b5fa0295122ac894724a896db353c740169167031413bf76e469b26af02d7652e6a79aa0fb10097ca7fb4b4437277fcce08623453a3bbbe42999e72970
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
3c4e2b752f1f9976b4638a60cc606d4db88e4326cebaa99ef41df6bbdbc31f1a
-
Size
196KB
-
MD5
f9e95ae291c9d014bf6d7c035038c665
-
SHA1
2d5ce01b255c567489c218bd5cc72aa3a966fcd9
-
SHA256
3c4e2b752f1f9976b4638a60cc606d4db88e4326cebaa99ef41df6bbdbc31f1a
-
SHA512
f44d95b5fa0295122ac894724a896db353c740169167031413bf76e469b26af02d7652e6a79aa0fb10097ca7fb4b4437277fcce08623453a3bbbe42999e72970
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
suricata: ET MALWARE IRC Nick change on non-standard port
suricata: ET MALWARE IRC Nick change on non-standard port
-
suricata: ET MALWARE Likely Bot Nick in IRC (USA +..)
suricata: ET MALWARE Likely Bot Nick in IRC (USA +..)
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-