General
Target: 1.rar
Size: 209KB
Sample: 220706-ehb63aadf5
MD5: 034cccac393b24e82854733228cbf445
SHA1: e01bb8d6c9edab7a40d808e0cc0a77f6698917b8
SHA256: e64165bd9e0c0a723e5a35dcca942c0b83a3c44941279bbf8c93c34a4a924401
SHA512: 57cafda4568fc84ef888c916ce4c02ba77107c01a5e74a60b8e8450ddce4c53b5b95d67c3bd1849d296290840938212b98cd2d4c6fc192361f81c13e4f5ac0af
Static task: static1
Behavioral task: behavioral1
  Sample: 中国电机工程学会-2022年度新型电力系统创新奖申报表.exe (filename reads "Chinese Society for Electrical Engineering - 2022 New Power System Innovation Award Application Form.exe"; kept as-is because it identifies the sample)
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 中国电机工程学会-2022年度新型电力系统创新奖申报表.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: metasploit
Payload: windows/download_exec
URL: http://42.194.199.231:443/9ws9
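The path of the extracted URL is a four-character resource, which is how Metasploit and Cobalt Strike HTTP stagers encode what they are asking for: the listener does not look the path up, it sums the path's bytes mod 256 (checksum8) and serves whatever stage that value selects. For /9ws9 the sum is 92, the value both frameworks use for a Windows x86 stager, which agrees with the "Successful Cobalt Strike Shellcode Download (x32)" Suricata alert on this report. The Python below is an added triage helper, not code from the sandbox, from Metasploit or from Cobalt Strike. The checksum values come from Metasploit's Rex::Payloads::Meterpreter::UriChecksum constants and the Cobalt Strike x86/x64 stager convention; the proxy-log line format, the client IPs and the two extra URLs are constructed for the demo (only the first URL is from the report).

```python
"""Triage helper: does a URL path look like a Metasploit / Cobalt Strike
stager URI?  Added example, not code from the sandbox or from either
framework; the log format and all but the first URL are constructed."""
import re
from urllib.parse import urlsplit

# checksum8 values from Metasploit's Rex::Payloads::Meterpreter::UriChecksum
# (INITW/INITN = 92, INITP = 80, INITJ = 88, CONN = 98) and from Cobalt
# Strike's HTTP stager convention (x86 = 92, x64 = 93).
CHECKSUM8_LABELS = {
    80: "Metasploit Python stager (URI_CHECKSUM_INITP)",
    88: "Metasploit Java stager (URI_CHECKSUM_INITJ)",
    92: "Windows x86 stager (Metasploit URI_CHECKSUM_INITW / Cobalt Strike x86)",
    93: "Cobalt Strike x64 stager",
    98: "Metasploit session reconnect (URI_CHECKSUM_CONN)",
}

_NOT_BASE64URL = re.compile(r"[^A-Za-z0-9_\-]")


def checksum8(uri_path: str) -> int:
    """Byte sum of the path's base64url characters, mod 256.

    Mirrors Rex::Text.checksum8 as Metasploit applies it to a request: every
    character outside [A-Za-z0-9_-] (leading '/', dots, extra slashes) is
    discarded before summing, so "/9ws9" and "9ws9" give the same value.
    """
    bare = _NOT_BASE64URL.sub("", uri_path)
    return sum(bare.encode("ascii")) % 256


def classify_stager_url(url: str) -> dict:
    """Return the path, its checksum8 and the matching stager label (or None)."""
    path = urlsplit(url).path          # drops scheme, host:port and ?query
    csum = checksum8(path)
    return {"url": url, "path": path, "checksum8": csum,
            "label": CHECKSUM8_LABELS.get(csum)}


# Constructed proxy-log lines: "<time> <client> <method> <url> <status>".
# Line 1 carries the URL extracted from the sample's config; lines 2 and 3
# are made up for the demo ("/9wt9" was chosen so that its checksum8 is 93).
SAMPLE_LOG = [
    "2022-07-06T10:41:02Z 10.0.0.15 GET http://42.194.199.231:443/9ws9 200",
    "2022-07-06T10:41:05Z 10.0.0.15 GET http://42.194.199.231:443/9wt9 200",
    "2022-07-06T10:41:09Z 10.0.0.22 GET http://example.com/index.html 200",
]


def find_stager_candidates(log_lines) -> list:
    """Scan log lines for URLs whose path checksum8 matches a known stager value."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue                    # malformed line: skip rather than crash
        info = classify_stager_url(fields[3])
        if info["label"] is not None:
            hits.append(info)
    return hits


if __name__ == "__main__":
    for hit in find_stager_candidates(SAMPLE_LOG):
        print(f"{hit['url']}: checksum8={hit['checksum8']} -> {hit['label']}")
```

A four-character path hits any single checksum value by chance about 1 time in 256, so treat a match as a triage signal, not proof; corroborate it with the other features visible in this report (a bare dotted-quad host, plain HTTP on port 443, the Suricata stager and beacon alerts) before acting on it.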
Targets
Target: 中国电机工程学会-2022年度新型电力系统创新奖申报表.exe.vir
Size: 515KB
MD5: 0299feffabdd3815d2249a5643203e3f
SHA1: bdba33cf063fada308e401ab34980c62bc7dacbc
SHA256: ed220a4ab4a9de44a5d1cd380be9dab98e90f820003e38bff4163ff4c881ea30
SHA512: 8ff00b998c386bfe96da6c7dce2c1e5cae6b671c0ebcef0d7da7a8f3fd9150af76587c11a3771f4c8e8b3f7301a642691a2d7cf99cc4bac1f052b8486826125d
Score: 10/10
Signatures
- Metasploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
- suricata: ET MALWARE Cobalt Strike Beacon Observed
- suricata: ET MALWARE Generic .bin download from Dotted Quad
- suricata: ET MALWARE Meterpreter or Other Reverse Shell SSL Cert
- suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)
- suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x32)
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Suspicious use of SetThreadContext (the API used to redirect a thread's execution, e.g. into injected code)