General

Target: 5180621dabfbf51a1764886b08bf8b954f27e326ed6167fbdbd8a6f6313c534f
Size: 5.0MB
Sample: 220718-r9ahrsgcdj
MD5: 38c817799dc0b801b8051000baac445a
SHA1: 6b7b2c1659ae194b6f7a5d94e40e94cacdc1bccc
SHA256: 5180621dabfbf51a1764886b08bf8b954f27e326ed6167fbdbd8a6f6313c534f
SHA512: 281797346098fb0b15265e28b4fa6bd98304611878ef7b902fa0170fec8c4437f43d8d285578538e09b41973f90c522c801bb91e2b41401e68a96839d3495006
Behavioral tasks

behavioral1
Sample: 5180621dabfbf51a1764886b08bf8b954f27e326ed6167fbdbd8a6f6313c534f.dll
Resource: win7-20220718-en

behavioral2
Sample: 5180621dabfbf51a1764886b08bf8b954f27e326ed6167fbdbd8a6f6313c534f.dll
Resource: win10v2004-20220414-en
Malware Config

Extracted: metasploit (encoder/call4_dword_xor)
Targets

Target: 5180621dabfbf51a1764886b08bf8b954f27e326ed6167fbdbd8a6f6313c534f
Size: 5.0MB
MD5: 38c817799dc0b801b8051000baac445a
SHA1: 6b7b2c1659ae194b6f7a5d94e40e94cacdc1bccc
SHA256: 5180621dabfbf51a1764886b08bf8b954f27e326ed6167fbdbd8a6f6313c534f
SHA512: 281797346098fb0b15265e28b4fa6bd98304611878ef7b902fa0170fec8c4437f43d8d285578538e09b41973f90c522c801bb91e2b41401e68a96839d3495006
Signatures

- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar. The extracted config identifies only the encoder (call4_dword_xor), which says how the payload was packaged rather than what it does; strip the XOR wrapping before drawing conclusions about the payload itself.
- Modifies firewall policy service
- suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
- suricata: ET MALWARE Known Sinkhole Response Header (at least one contacted host answered from a known sinkhole rather than from live attacker infrastructure)
- suricata: ET MALWARE Possible WannaCry DNS Lookup 2
- Executes dropped EXE
- Drops file in System32 directory
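The Metasploit detection above names only an encoder, call4_dword_xor, so the practical next step is to locate that encoder's x86 decoder stub in the sample, pull the XOR key out of it, and decode the body the loop would decode at runtime. The script below is an added example, not code from this report or from the Metasploit project. The stub layout is my reconstruction of the encoder's known byte sequence (call $+4 / inc eax / pop esi / xor dword [esi+0x0e], key / sub esi, -4 / loop) and should be checked against modules/encoders/x86/call4_dword_xor.rb in metasploit-framework; the encode() helper, the NOP padding it uses, the plain "mov ecx, imm32" prefix it assumes, and SAMPLE_PLAINTEXT / SAMPLE_BLOB are constructed for the demonstration.

```python
"""Recognise and undo the Metasploit x86 call4_dword_xor decoder stub (added example)."""
import re
import struct
from typing import List, Optional, Tuple

# Stub layout as reconstructed by the editor; KK KK KK KK is the 4-byte XOR key.
# The ECX-setting prefix varies with badchars, so matching starts at the call.
#   off 0  e8 ff ff ff ff        call $+4    ; returns into its own last ff byte
#   off 4  ff c0                 inc eax     ; shares the ff with the call
#   off 6  5e                    pop esi     ; esi = return address = off 5
#   off 7  81 76 0e KK KK KK KK  xor dword [esi+0x0e], key ; esi+0x0e = off 19
#   off 14 83 ee fc              sub esi, -4 ; esi += 4 with no zero byte
#   off 17 e2 f4                 loop        ; ecx times, back to off 7
#   off 19 encoded payload
STUB_RE = re.compile(
    rb"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e(?P<key>.{4})\x83\xee\xfc\xe2\xf4",
    re.DOTALL,
)
STUB_LEN = 19  # bytes from the call to the first encoded dword


def find_stubs(data: bytes) -> List[Tuple[int, int]]:
    """Return (offset_of_call, xor_key) for every stub instance in data."""
    return [(m.start(), struct.unpack("<I", m.group("key"))[0])
            for m in STUB_RE.finditer(data)]


def ecx_count_before(data: bytes, stub_offset: int) -> Optional[int]:
    """Dword count if a plain 'mov ecx, imm32' (b9 imm32) precedes the stub.

    msfvenom picks other ECX-setting sequences when badchars forbid this one;
    then None is returned and the caller must bound the payload itself.
    """
    if stub_offset >= 5 and data[stub_offset - 5] == 0xB9:
        return struct.unpack("<I", data[stub_offset - 4:stub_offset])[0]
    return None


def decode(data: bytes, stub_offset: int, key: int,
           ndwords: Optional[int] = None) -> bytes:
    """XOR the dwords after the stub with key, exactly as the loop does at runtime."""
    start = stub_offset + STUB_LEN
    if ndwords is None:  # no trustworthy count: decode whole dwords to the end
        ndwords = (len(data) - start) // 4
    out = bytearray()
    for i in range(ndwords):
        (v,) = struct.unpack_from("<I", data, start + 4 * i)
        out += struct.pack("<I", v ^ key)
    return bytes(out)


def encode(payload: bytes, key: int) -> bytes:
    """Constructed encoder used only to build test input (not Metasploit's code):
    pads to a dword boundary with NOPs and emits the plain 'mov ecx, imm32' prefix."""
    payload += b"\x90" * (-len(payload) % 4)
    n = len(payload) // 4
    stub = (b"\xb9" + struct.pack("<I", n)
            + b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e" + struct.pack("<I", key)
            + b"\x83\xee\xfc\xe2\xf4")
    body = b"".join(struct.pack("<I", struct.unpack_from("<I", payload, i)[0] ^ key)
                    for i in range(0, len(payload), 4))
    return stub + body


def recover_all(data: bytes) -> List[bytes]:
    """Decode every stub found in data, using the ECX count when it is parseable."""
    return [decode(data, off, key, ecx_count_before(data, off))
            for off, key in find_stubs(data)]


# Constructed sample: an ASCII marker stands in for real shellcode, surrounded
# by filler bytes so the stub is not at offset 0.
SAMPLE_PLAINTEXT = b"THIS IS A CONSTRUCTED TEST PAYLOAD"
SAMPLE_KEY = 0xDEADBEEF
SAMPLE_BLOB = b"\x00" * 16 + encode(SAMPLE_PLAINTEXT, SAMPLE_KEY) + b"\x00" * 8


if __name__ == "__main__":
    for off, key in find_stubs(SAMPLE_BLOB):
        count = ecx_count_before(SAMPLE_BLOB, off)
        print(f"stub at 0x{off:x}, key 0x{key:08x}, dword count {count}")
        print(decode(SAMPLE_BLOB, off, key, count))
```

Run it over the sample's raw bytes (or over a memory dump taken in the sandbox) instead of SAMPLE_BLOB; when ecx_count_before() returns None, bound the decode with the section size or with the point where the decoded bytes stop disassembling cleanly.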