General
-
Target
acf09e1cf3b812350fb067ae36f0692c05521d5499d271e8ccc0b38f0556500c
-
Size
264KB
-
Sample
221130-3ftkbsed53
-
MD5
d868cb713efffd35e423575824d0dd0b
-
SHA1
f320926b871bc19f213c82e0e2b888fb12780fc1
-
SHA256
acf09e1cf3b812350fb067ae36f0692c05521d5499d271e8ccc0b38f0556500c
-
SHA512
2aca70fbbe972787eefb533f3a6c14f9f9552e360b290aadd7c96d5ff43c3b9b3a30d728a8c3b8d8dab9db4043146890dd765ec5558fd406ca0972999b5187e8
-
SSDEEP
6144:fxGDQWxXrkMZXRl7can55b55C55/55C55b55r55z55b55C55/55C55b55r55z551:fr27kMZXRl7V
Static task
static1
Behavioral task
behavioral1
Sample
acf09e1cf3b812350fb067ae36f0692c05521d5499d271e8ccc0b38f0556500c.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
acf09e1cf3b812350fb067ae36f0692c05521d5499d271e8ccc0b38f0556500c.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
acf09e1cf3b812350fb067ae36f0692c05521d5499d271e8ccc0b38f0556500c
-
Size
264KB
-
MD5
d868cb713efffd35e423575824d0dd0b
-
SHA1
f320926b871bc19f213c82e0e2b888fb12780fc1
-
SHA256
acf09e1cf3b812350fb067ae36f0692c05521d5499d271e8ccc0b38f0556500c
-
SHA512
2aca70fbbe972787eefb533f3a6c14f9f9552e360b290aadd7c96d5ff43c3b9b3a30d728a8c3b8d8dab9db4043146890dd765ec5558fd406ca0972999b5187e8
-
SSDEEP
6144:fxGDQWxXrkMZXRl7can55b55C55/55C55b55r55z55b55C55/55C55b55r55z551:fr27kMZXRl7V
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-