General
-
Target
79e32ed5b8a2d0bd3511f10172b12c204ef5feecaf1b753d1c438c462b58a8fc
-
Size
84KB
-
Sample
220919-b9p1fsbdb5
-
MD5
d5aa2dbec14a5ca3e5c19cea1a94d0ff
-
SHA1
f513480226b993cbcd01f04107361b2576d95282
-
SHA256
79e32ed5b8a2d0bd3511f10172b12c204ef5feecaf1b753d1c438c462b58a8fc
-
SHA512
6e6f476d155ab9c3a8d3ea9c15d6fb319338ea46949600906620d87951f1f04d2ec7934ac5b8efc80461c1b0d611fac6368482cf4b07b6b96ff58935da0a236d
-
SSDEEP
1536:rW0uLeM8v/q291NR7HVAQCUwljFf+NW49:rWhLA1NRjVAjtls
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
79e32ed5b8a2d0bd3511f10172b12c204ef5feecaf1b753d1c438c462b58a8fc
-
Size
84KB
-
MD5
d5aa2dbec14a5ca3e5c19cea1a94d0ff
-
SHA1
f513480226b993cbcd01f04107361b2576d95282
-
SHA256
79e32ed5b8a2d0bd3511f10172b12c204ef5feecaf1b753d1c438c462b58a8fc
-
SHA512
6e6f476d155ab9c3a8d3ea9c15d6fb319338ea46949600906620d87951f1f04d2ec7934ac5b8efc80461c1b0d611fac6368482cf4b07b6b96ff58935da0a236d
-
SSDEEP
1536:rW0uLeM8v/q291NR7HVAQCUwljFf+NW49:rWhLA1NRjVAjtls
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-