General
-
Target
091c58193338146a6912a2195eda06a3a491bdf6bf9ed58bb70c0e761992d680
-
Size
1019KB
-
Sample
221128-wp7d8aad4v
-
MD5
23e1926c6c38251b4cd90d4078e040e7
-
SHA1
b4b8a10819660a0e21cb9142cb0de1b5e0845630
-
SHA256
091c58193338146a6912a2195eda06a3a491bdf6bf9ed58bb70c0e761992d680
-
SHA512
e2855adcf8d31ffda241c291603d863d139161be918ede6552ec4bebf5a8f5242c6a609c05dfef8464538ff839ac523ac1aa0963f504533ca8c887ccfce2d260
-
SSDEEP
24576:kxF40pkW1j5LyylNoJSpCi4p96Mu21Y6fuW+lSSZc:yF4s1joeoJSciMjv/fxGS/
Static task
static1
Behavioral task
behavioral1
Sample
091c58193338146a6912a2195eda06a3a491bdf6bf9ed58bb70c0e761992d680.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
091c58193338146a6912a2195eda06a3a491bdf6bf9ed58bb70c0e761992d680.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
091c58193338146a6912a2195eda06a3a491bdf6bf9ed58bb70c0e761992d680
-
Size
1019KB
-
MD5
23e1926c6c38251b4cd90d4078e040e7
-
SHA1
b4b8a10819660a0e21cb9142cb0de1b5e0845630
-
SHA256
091c58193338146a6912a2195eda06a3a491bdf6bf9ed58bb70c0e761992d680
-
SHA512
e2855adcf8d31ffda241c291603d863d139161be918ede6552ec4bebf5a8f5242c6a609c05dfef8464538ff839ac523ac1aa0963f504533ca8c887ccfce2d260
-
SSDEEP
24576:kxF40pkW1j5LyylNoJSpCi4p96Mu21Y6fuW+lSSZc:yF4s1joeoJSciMjv/fxGS/
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-