Resubmissions
16-11-2022 19:55
221116-ym4awscf96 1023-09-2022 03:49
220923-edfzfsghhm 1023-09-2022 03:48
220923-ecsxmadae6 1008-09-2022 02:55
220908-deq1dadde4 1008-09-2022 01:58
220908-cd6trsdda7 1006-09-2022 10:03
220906-l3mlvsbac8 1006-09-2022 05:11
220906-ft86lsfdd9 1006-09-2022 05:09
220906-ftm85scffl 1006-09-2022 05:09
220906-fs848afdc5 1006-09-2022 05:07
220906-fsg1qsfda9 10General
-
Target
run.js
-
Size
365KB
-
Sample
220906-l3mlvsbac8
-
MD5
c4e9fc349d5c8b24c0ddb1533de2c16b
-
SHA1
147e938bd06709b3c20eea4ac461093d573be037
-
SHA256
28fd3a1d9087d7b103b7f6cfca002798b6365fe6ebcc66fa02dbb4a9e6378e71
-
SHA512
fd0cf6f434e665aabc91f6095394a08483990c12a0b6ad3a1bd820b740af0ddbc02bc0a2592be429c7488b3cd2889afad8f758b4258009dfe51e9faac76842be
-
SSDEEP
6144:Jnm5mwYxm+DzkzFIDIWCy49ezGywT7PDSzT3enlJ1BJ0exGqkIb1Taha6e2T6Huv:FnaIEWeqWdnlhJ+eHHu+1Qk3C+MAQ
Static task
static1
Behavioral task
behavioral1
Sample
run.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
run.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
-
Target
run.js
-
Size
365KB
-
MD5
c4e9fc349d5c8b24c0ddb1533de2c16b
-
SHA1
147e938bd06709b3c20eea4ac461093d573be037
-
SHA256
28fd3a1d9087d7b103b7f6cfca002798b6365fe6ebcc66fa02dbb4a9e6378e71
-
SHA512
fd0cf6f434e665aabc91f6095394a08483990c12a0b6ad3a1bd820b740af0ddbc02bc0a2592be429c7488b3cd2889afad8f758b4258009dfe51e9faac76842be
-
SSDEEP
6144:Jnm5mwYxm+DzkzFIDIWCy49ezGywT7PDSzT3enlJ1BJ0exGqkIb1Taha6e2T6Huv:FnaIEWeqWdnlhJ+eHHu+1Qk3C+MAQ
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-