General
Target: 431ad473a3cbb1711c8d7ff70fae74dcbe5df84991bbe8b112096a967e5ba8dc
Size: 37KB
Sample: 220707-3zaxbsbce9
MD5: fec69b033c89a800966467bb52a7d6ab
SHA1: 8823b35777fd7470fd7e789c4005151e9622610a
SHA256: 431ad473a3cbb1711c8d7ff70fae74dcbe5df84991bbe8b112096a967e5ba8dc
SHA512: 707bb6a06f5e469db3893c164a9077eb1c0748ef7186c6bbdf35e5a664a465a7d5b87eea698fdc94fd3d4483e8d2cb96b1a637dfdbd3e5b0e923fb999e07319b
Static task: static1
Behavioral task: behavioral1
Sample: 431ad473a3cbb1711c8d7ff70fae74dcbe5df84991bbe8b112096a967e5ba8dc.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 431ad473a3cbb1711c8d7ff70fae74dcbe5df84991bbe8b112096a967e5ba8dc.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
Targets
Target: 431ad473a3cbb1711c8d7ff70fae74dcbe5df84991bbe8b112096a967e5ba8dc
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
- Adds policy Run key to start application
- Executes dropped EXE
- Adds Run key to start application