General

Target: ab5f3bb2a4f3e1c6539e0f153941a5c5f0722dd2dc8ef591436e549bbc0a266c
Size: 389KB
Sample: 221130-3pg8nafb45
MD5: 02984b3ec95b117aa39b5a46df1cea45
SHA1: a3bcefb6e9ab7796b1bf6249f253b9557ba956d6
SHA256: ab5f3bb2a4f3e1c6539e0f153941a5c5f0722dd2dc8ef591436e549bbc0a266c
SHA512: a84be4ca42fe9c19b2514ffb776967de11995a8c28a62faccf0d3d7334575e7019cfffbd6ea5bdebac49b9e66d408c25c4f83f948ca6020516c3094a48249f97
SSDEEP: 6144:uYht8wYFtzzzBKjA8wdd7vCDOFCfih6GUlXDu5Lw0y25I3UXwIa1dapr:uaYFt3zBqXY5CDwFcH9Dl9j3UXz6yr
Static task: static1

Behavioral task: behavioral1
  Sample: ab5f3bb2a4f3e1c6539e0f153941a5c5f0722dd2dc8ef591436e549bbc0a266c.exe
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: ab5f3bb2a4f3e1c6539e0f153941a5c5f0722dd2dc8ef591436e549bbc0a266c.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted
  Family: metasploit
  Encoder: encoder/call4_dword_xor (Metasploit's x86/call4_dword_xor, a 4-byte-key XOR encoder whose decoder stub finds its own address with a call $+4 / pop esi sequence and decodes the payload in place at run time)
Targets

Target: ab5f3bb2a4f3e1c6539e0f153941a5c5f0722dd2dc8ef591436e549bbc0a266c
Size: 389KB
MD5: 02984b3ec95b117aa39b5a46df1cea45
SHA1: a3bcefb6e9ab7796b1bf6249f253b9557ba956d6
SHA256: ab5f3bb2a4f3e1c6539e0f153941a5c5f0722dd2dc8ef591436e549bbc0a266c
SHA512: a84be4ca42fe9c19b2514ffb776967de11995a8c28a62faccf0d3d7334575e7019cfffbd6ea5bdebac49b9e66d408c25c4f83f948ca6020516c3094a48249f97
SSDEEP: 6144:uYht8wYFtzzzBKjA8wdd7vCDOFCfih6GUlXDu5Lw0y25I3UXwIa1dapr:uaYFt3zBqXY5CDwFcH9Dl9j3UXz6yr
Score: 10/10

Signatures (triggered across the static and behavioral tasks above):
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
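The extracted config names the call4_dword_xor encoder, and the MetaSploit signature says the payload was probably produced by msfvenom. A practitioner confirming that verdict from the bytes wants to find the decoder stub, pull out its XOR key and dword count, and recover the encoded stage without running the sample. The script below is an added example, not part of the sandbox report or of Metasploit itself: the stub bytes are my reconstruction of the encoder's decoder (xor ecx,ecx / sub ecx,-N / call $+4 / inc eax / pop esi / xor dword [esi+0x0e],key / sub esi,-4 / loop) and should be checked against the Metasploit source before being used as a signature; the real encoder also picks a random key that avoids bad characters and derives the count from the buffer length, which this version simplifies. The stage and key in the demo are constructed placeholders, not data from this sample.

```python
"""Reconstruct, locate and decode a Metasploit x86/call4_dword_xor-style stub.

Added example, not the sandbox's or Metasploit's own code. Stub layout is my
reconstruction (verify against the encoder source); demo inputs are constructed.
"""
import struct

# Fixed stub bytes surrounding the two per-encoding fields (dword count, key).
STUB_HEAD = b"\x31\xc9\x81\xe9"  # xor ecx,ecx ; sub ecx, imm32 (imm32 = -ndwords)
# "call $+4" (E8 FF FF FF FF) lands on the call's own last 0xFF byte, so the
# CPU executes FF C0 = inc eax; pop esi then yields the address just past the
# call, and [esi+0x0e] is the first encoded dword. A linear disassembler reads
# C0 5E 81 76 0E as garbage (rcr byte [esi-0x7f],0x76 / push cs), which is why
# the stub looks like junk in a static listing and the sandbox sees the
# real payload only after the loop has rewritten it in memory.
STUB_MID = b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
STUB_TAIL = b"\x83\xee\xfc\xe2\xf4"  # sub esi,-4 ; loop (back to the xor)
STUB_LEN = len(STUB_HEAD) + 4 + len(STUB_MID) + 4 + len(STUB_TAIL)  # 27 = 0x1b


def _xor_dwords(data: bytes, key: int) -> bytes:
    """XOR each little-endian dword of data with key (len(data) % 4 == 0)."""
    return b"".join(
        struct.pack("<I", struct.unpack("<I", data[i:i + 4])[0] ^ key)
        for i in range(0, len(data), 4)
    )


def encode(payload: bytes, key: int) -> bytes:
    """Prepend the decoder stub to the dword-XORed payload (NOP-padded to 4 bytes).

    Simplified relative to the real encoder: count = padded length / 4 and the
    key is caller-supplied instead of chosen to dodge bad characters.
    """
    padded = payload + b"\x90" * (-len(payload) % 4)
    ndwords = len(padded) // 4
    return (STUB_HEAD + struct.pack("<i", -ndwords) + STUB_MID
            + struct.pack("<I", key) + STUB_TAIL + _xor_dwords(padded, key))


def find_and_decode(blob: bytes) -> list:
    """Scan blob for stub instances; return [(offset, key, ndwords, decoded)]."""
    hits = []
    pos = blob.find(STUB_MID)
    while pos >= 0:
        head = pos - (len(STUB_HEAD) + 4)
        key_off = pos + len(STUB_MID)
        tail_off = key_off + 4
        if (head >= 0 and blob[head:head + 4] == STUB_HEAD
                and blob[tail_off:tail_off + len(STUB_TAIL)] == STUB_TAIL):
            # ecx after "xor ecx,ecx ; sub ecx,imm32" is -imm32 modulo 2**32
            imm = struct.unpack("<i", blob[head + 4:pos])[0]
            ndwords = (-imm) & 0xFFFFFFFF
            key = struct.unpack("<I", blob[key_off:tail_off])[0]
            body = blob[head + STUB_LEN:head + STUB_LEN + 4 * ndwords]
            if len(body) == 4 * ndwords:  # truncated body: not a usable hit
                hits.append((head, key, ndwords, _xor_dwords(body, key)))
        pos = blob.find(STUB_MID, pos + 1)
    return hits


if __name__ == "__main__":
    # Constructed placeholder stage and key, not the sample's real second stage.
    stage = b"demo-stage"
    blob = b"\xcc" * 32 + encode(stage, 0x5EEDF00D) + b"\x00" * 16
    for off, key, n, dec in find_and_decode(blob):
        print(f"stub at +{off:#x}: key={key:#010x} dwords={n} payload={dec!r}")
```

Run it against a dumped section or the whole file rather than against the sandbox's hashes: the stub is what a static scan can match, while the decoded dwords are what the behavioral tasks saw once the loop had run. A hit whose recovered count runs past the end of the buffer is dropped as a false positive, which matters when the same byte run appears in unrelated data.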