General
Target: c16bd2e03b3dfffd4f10a99087b4cdeae34bd5798085985b8f33ccdfb9004e29
Size: 244KB
Sample: 221130-12acgahh79
MD5: 6e282ee1e7e18f01445f1b659e53e87a
SHA1: 6490ebdf9d7002db97b606adeca41457071d80b4
SHA256: c16bd2e03b3dfffd4f10a99087b4cdeae34bd5798085985b8f33ccdfb9004e29
SHA512: 91bf71a98361fbdab89aa7f3cd9234c0960c6a1466716c4dcf54642b587c1366d451afc93c2082cec01c276003a602e2232f782fe1634e5472617b9dc7de1208
SSDEEP: 3072:KUSDLtZ7lRl95+C3WRCk+tOcm1HF7Wd7YSQ7GJCHUBsZVU5U+Lq9NJaa:NMDlRwCGEw715W2iJkasZmq9NJaa
Static task: static1
Behavioral task: behavioral1
  Sample: c16bd2e03b3dfffd4f10a99087b4cdeae34bd5798085985b8f33ccdfb9004e29.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: c16bd2e03b3dfffd4f10a99087b4cdeae34bd5798085985b8f33ccdfb9004e29.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: metasploit
Encoder: encoder/call4_dword_xor
Targets
Target: c16bd2e03b3dfffd4f10a99087b4cdeae34bd5798085985b8f33ccdfb9004e29
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext