General
-
Target
1213.js.js
-
Size
365KB
-
Sample
220717-3f4qasfhh8
-
MD5
352203feb48a1a9f3802d7843b24c098
-
SHA1
464f6ba005b98ba177e00cc4e321689fe6b50ca9
-
SHA256
cd2cbe0dd156322afcea2627b4561d453ee2400db203f6c778d1b0b71b17d8fd
-
SHA512
b0c5300bbea0825a72a0a37dd0be485d51891a1f7e617b22e2b2241ce36b041885af3d056f3128b02fce8dd39117b447bb451c43313e03c4a187ec2ed1a1d655
Static task
static1
Behavioral task
behavioral1
Sample
1213.js
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
1213.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
Target
1213.js.js
Score
10/10
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-