General
-
Target
6cccbfefcac78c3f490eecc649ebda142d1ae755fb6d6c3ec332c1e036122987
-
Size
205KB
-
Sample
221129-pjbxssbh3y
-
MD5
8f3408102e024f29df615f8c042f7ef5
-
SHA1
0e8d844f8355c945cbbb52ab4ad5d17b0010419d
-
SHA256
6cccbfefcac78c3f490eecc649ebda142d1ae755fb6d6c3ec332c1e036122987
-
SHA512
67bf33ba3911ac3b4fdf65a3ea135e5937e0e9f4875e0ba78e8af323b8cb56ddbf0f9ed367f2b167d2777a9f0c925ecb8dc43e2133a2fe3b0a1c40c410c78833
-
SSDEEP
3072:wnnXKQFhLch81nAT+r2/g2BrvR2ap7FPP4WiR18gKvUgTK0rkuL7t0RDbCbtSGKs:8nE+ZDi+ap7FPP4Wq0rtLIXMO3rk8W
Behavioral task
behavioral1
Sample
6cccbfefcac78c3f490eecc649ebda142d1ae755fb6d6c3ec332c1e036122987.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6cccbfefcac78c3f490eecc649ebda142d1ae755fb6d6c3ec332c1e036122987.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
6cccbfefcac78c3f490eecc649ebda142d1ae755fb6d6c3ec332c1e036122987
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-