General
-
Target
tmp
-
Size
825KB
-
Sample
220704-mswbpaafg4
-
MD5
bd9e301a962082b9f4682f61d31a82b8
-
SHA1
fee58db4910fe6f69082d0e428381e1f724c110a
-
SHA256
c7ed8b000f4af6b1df3709af8551cdada6fff8483b882e5de9848742225297c7
-
SHA512
c71cf344bba39c822c88919704cf0092333026b221c0626d4e95321c22aa03001d3ab5c723301cc7e9a6aac27d2a01704541b63d1dbb3e5907116db37fde0fe1
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
windows/reverse_tcp
124.71.29.227:6666
Targets
-
-
Target
tmp
-
Size
825KB
-
MD5
bd9e301a962082b9f4682f61d31a82b8
-
SHA1
fee58db4910fe6f69082d0e428381e1f724c110a
-
SHA256
c7ed8b000f4af6b1df3709af8551cdada6fff8483b882e5de9848742225297c7
-
SHA512
c71cf344bba39c822c88919704cf0092333026b221c0626d4e95321c22aa03001d3ab5c723301cc7e9a6aac27d2a01704541b63d1dbb3e5907116db37fde0fe1
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-