General
-
Target
2728a553c114325588737f50622b72ad7ad323d3722abe1af311e82596dbc483
-
Size
254KB
-
Sample
221125-d8c1lscg3v
-
MD5
812bbc859b6746779cbaa44859a65bf1
-
SHA1
fdfcfcf2908a0ee96a21f43f3428388ca0946e35
-
SHA256
2728a553c114325588737f50622b72ad7ad323d3722abe1af311e82596dbc483
-
SHA512
4455e0affccbd9fd55fabbc90aa785c848c0ea5cd8618a72115b52a8cc62afc042ed01e46ce8ef292811eee0e430e027bfc32682bace3970799a789a57e51ecc
-
SSDEEP
3072:mwXG2pch5235qmNZZ8FsXoxvW38AWbSgYHbEL1V0k2pYm0IqBK0KcHsYe84lsYe2:P2S35/iBvy8AWbgHgJ7EfVcKhuN
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
2728a553c114325588737f50622b72ad7ad323d3722abe1af311e82596dbc483
-
Size
254KB
-
MD5
812bbc859b6746779cbaa44859a65bf1
-
SHA1
fdfcfcf2908a0ee96a21f43f3428388ca0946e35
-
SHA256
2728a553c114325588737f50622b72ad7ad323d3722abe1af311e82596dbc483
-
SHA512
4455e0affccbd9fd55fabbc90aa785c848c0ea5cd8618a72115b52a8cc62afc042ed01e46ce8ef292811eee0e430e027bfc32682bace3970799a789a57e51ecc
-
SSDEEP
3072:mwXG2pch5235qmNZZ8FsXoxvW38AWbSgYHbEL1V0k2pYm0IqBK0KcHsYe84lsYe2:P2S35/iBvy8AWbgHgJ7EfVcKhuN
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies firewall policy service
-
Disables use of System Restore points
-
Executes dropped EXE
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-