General
Target: 7807906127.zip
Size: 49.4MB
Sample: 220726-nz5dlsceh4
MD5: b00ef648c1ce11bdba27ab512a3ee14e
SHA1: b450b4a2f491906a9d084016da1e0ebc59860fd8
SHA256: 2c05f216181f20e481650a7807ba0420c25ca7410748ef66e5bcb4f8de693c31
SHA512: 64827d4caa99398fe30f5602e8d50309be85fb452c6d8702b4b171da99c39e14b5e7ffd06ca2b35035fce3a6990c358105702263e04cee2b1b285a74a3d4aba3
Behavioral task: behavioral1
Sample: 5ce684113f882d6005329ffa8c260cf3d9cc8c3fda1c9329a11d8d253d059e3c.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: 5ce684113f882d6005329ffa8c260cf3d9cc8c3fda1c9329a11d8d253d059e3c.exe
Resource: win10v2004-20220722-en
Malware Config
Extracted: metasploit (encoder/shikata_ga_nai)
Extracted: metasploit (windows/reverse_tcp, 70.251.211.113:80)
Targets
Target: 5ce684113f882d6005329ffa8c260cf3d9cc8c3fda1c9329a11d8d253d059e3c
Size: 49.4MB
MD5: 50f031c86135dfd7005ed6c048860914
SHA1: 9f20e3545618f119d7e0ecec78b4aef43d4c0ad6
SHA256: 5ce684113f882d6005329ffa8c260cf3d9cc8c3fda1c9329a11d8d253d059e3c
SHA512: 4aeac37df917c511cb35e44f4e807545a25529069ef3158febf71167b5658cd8e5b54e8aab0ae236a377e049efc9f0732bb47014cddf50c2abe927246e022fd4
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL