General
Target: 0757c824f7cb76a618743bcff7218709ff0ec38192dc21b38e6bba97fc8537b4
Size: 154KB
Sample: 220919-mmsnlsghgn
MD5: cdeafc110e35d40b942544d4ac1bb80e
SHA1: c1279d10152a10fba6e93941878ece7c1ea44d73
SHA256: 0757c824f7cb76a618743bcff7218709ff0ec38192dc21b38e6bba97fc8537b4
SHA512: abeb0409915abe7c96c3f6805f5d79131974bb337fca932c44c4c517b2ac2beb134edf5a8ca978437c4c403c12b1d4742b6e3884ac3ca727fe4f52d80983863e
SSDEEP: 3072:XiPZmC4JF5PfEjnYfnPtZEx87tQsVaNaEb1z08R:XiPdUWY/PsxsQsVaNas
Static task: static1
Behavioral task: behavioral1
  Sample: 0757c824f7cb76a618743bcff7218709ff0ec38192dc21b38e6bba97fc8537b4.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 0757c824f7cb76a618743bcff7218709ff0ec38192dc21b38e6bba97fc8537b4.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: metasploit
Encoder: encoder/call4_dword_xor
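What the extracted config tells an analyst: Metasploit's x86 Call+4 Dword XOR encoder prepends a short decoder stub that uses a `call` instruction to push its own address onto the stack, then walks the payload four bytes at a time XORing each dword with one 32-bit key. msfvenom picks that key so that neither the key nor the encoded payload contains any of the caller's bad characters, and because a single key covers the whole buffer, one known dword of plaintext gives the key back. The Python below is an added model of that XOR layer written for this page; it is not Metasploit's code, it does not include the decoder stub, and the sample prologue bytes, the NOP padding and the function names are constructed for illustration.

```python
import random
import struct

# Constructed sample "payload": the first bytes of a typical Windows x86 stager
# prologue (cld; call; pushad; mov ebp, esp; xor ...). It stands in for the real
# payload, which this report does not reproduce.
PLAIN = bytes.fromhex("fce8820000006089e531")
PAD = b"\x90"  # assumption: NOP padding; the real encoder's padding is not modelled


def pad_to_dword(data: bytes) -> bytes:
    """Pad to a multiple of 4 bytes so the buffer splits into whole dwords."""
    return data + PAD * ((-len(data)) % 4)


def xor_dwords(data: bytes, key: int) -> bytes:
    """XOR every little-endian dword of data with one 32-bit key.

    XOR is its own inverse, so the same call both encodes and decodes.
    """
    out = bytearray()
    for (dword,) in struct.iter_unpack("<I", pad_to_dword(data)):
        out += struct.pack("<I", dword ^ key)
    return bytes(out)


def find_key(data: bytes, badchars: bytes, seed: int = 0, tries: int = 100_000) -> int:
    """Search for a key such that neither the key bytes nor the encoded buffer
    contain a forbidden byte (the role of msfvenom's -b list)."""
    rng = random.Random(seed)
    bad = set(badchars)
    for _ in range(tries):
        key = rng.getrandbits(32)
        if bad & set(struct.pack("<I", key)):
            continue
        if not bad & set(xor_dwords(data, key)):
            return key
    raise ValueError("no key avoids the bad characters")


def recover_key(encoded: bytes, known_plain: bytes) -> int:
    """Known-plaintext recovery: one dword of plaintext reveals the key,
    because every dword was XORed with the same key."""
    if len(known_plain) < 4 or len(encoded) < 4:
        raise ValueError("need at least one full dword")
    (e,) = struct.unpack("<I", encoded[:4])
    (p,) = struct.unpack("<I", known_plain[:4])
    return e ^ p


def decode_with_known_prefix(encoded: bytes, known_plain: bytes) -> bytes:
    """Recover the key from a known 4-byte prefix and decode the whole buffer."""
    return xor_dwords(encoded, recover_key(encoded, known_plain))


if __name__ == "__main__":
    key = find_key(PLAIN, b"\x00\x0a\x0d")
    enc = xor_dwords(PLAIN, key)
    print(f"key=0x{key:08x} encoded={enc.hex()}")
    print("decoded:", decode_with_known_prefix(enc, PLAIN[:4]).hex())
```

In practice the known prefix comes from the decoder stub's own structure or from the stereotyped first bytes of Metasploit stagers, which is why an encoded-only payload dumped from memory is rarely a real obstacle to analysis.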
Targets
Target: 0757c824f7cb76a618743bcff7218709ff0ec38192dc21b38e6bba97fc8537b4 (154KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
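The behaviour list above is the sandbox's verdict; the report does not print the registry keys each signature keys on. The Python below is an added example written for this page, not the sandbox's own rules: it turns the four registry-based signatures into matching rules and runs them over constructed registry-event lines. The key paths (the SharedAccess FirewallPolicy service key, Control Panel\International\Geo\Nation, SYSTEM\MountedDevices, CurrentVersion\Run) are assumptions drawn from the signature descriptions, and the "pid operation path" log format is made up for the example. Operations matter: reading a Run key is ordinary, writing one is the autostart signal.

```python
from collections import defaultdict

# Constructed registry-event lines in the made-up format "<pid> <operation> <key path>".
# The paths are ones the signatures are assumed to watch; they are not from the report.
LOG = r"""
1234 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language
1234 RegQueryValue HKCU\Control Panel\International\Geo\Nation
1234 RegOpenKey HKLM\SYSTEM\MountedDevices
1234 RegSetValue HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
1234 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost
1234 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive
1234 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
"""

# (signature name as in the report, operations that count, lower-cased path fragment)
RULES = [
    ("Modifies firewall policy service",
     {"RegSetValue", "RegCreateKey", "RegDeleteValue"},
     r"\services\sharedaccess\parameters\firewallpolicy"),
    ("Checks computer location settings",
     {"RegQueryValue"},
     r"\control panel\international\geo\nation"),
    ("Maps connected drives based on registry",
     {"RegOpenKey", "RegQueryValue", "RegEnumValue"},
     r"\system\mounteddevices"),
    ("Adds Run key to start application",
     {"RegSetValue"},
     r"\microsoft\windows\currentversion\run"),  # also covers RunOnce, which is autostart too
]


def parse_event(line: str):
    """Split one constructed event line; the path is last, so embedded spaces survive."""
    pid, op, path = line.split(" ", 2)
    return int(pid), op, path


def match_signatures(log: str) -> dict:
    """Map each signature name to the event lines that triggered it."""
    hits = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        _pid, op, path = parse_event(line)
        low = path.lower()
        for name, ops, needle in RULES:
            if op in ops and needle in low:
                hits[name].append(line)
    return dict(hits)


def triage(log: str) -> list:
    """Matched signature names in RULES order, so the result is stable for comparison."""
    hits = match_signatures(log)
    return [name for name, _, _ in RULES if name in hits]


if __name__ == "__main__":
    for name, lines in match_signatures(LOG).items():
        print(name)
        for event in lines:
            print("   ", event)
```

The two benign lines (the Nls\Language lookup and the ProductName read, plus the Run-key read) produce no hits, which is the property worth checking when such rules are ported to real telemetry: the write-versus-read distinction keeps the Run-key rule from firing on every process that enumerates autostarts.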