General
-
Target
55809216ef03ad73962edfaf2433574341c7d46830c22810066a47b3295fa720
-
Size
584KB
-
Sample
220725-tattgahbam
-
MD5
b8c211eaae34c112f19811f79ade1836
-
SHA1
a21c6ad55fcff138f297f138012f64a16d7a3b9b
-
SHA256
55809216ef03ad73962edfaf2433574341c7d46830c22810066a47b3295fa720
-
SHA512
7deb70dbc24ee36962437c2267d5fd398766096f50bc4706f943213eb5e5fe470f86b5d3619fdf9bb809f0ce5a22e2a74c174f4726b2c46e4e47bcd7ebf68ba5
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
55809216ef03ad73962edfaf2433574341c7d46830c22810066a47b3295fa720
-
Size
584KB
-
MD5
b8c211eaae34c112f19811f79ade1836
-
SHA1
a21c6ad55fcff138f297f138012f64a16d7a3b9b
-
SHA256
55809216ef03ad73962edfaf2433574341c7d46830c22810066a47b3295fa720
-
SHA512
7deb70dbc24ee36962437c2267d5fd398766096f50bc4706f943213eb5e5fe470f86b5d3619fdf9bb809f0ce5a22e2a74c174f4726b2c46e4e47bcd7ebf68ba5
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-