General
Target: cc711d85c8da2316e79d1158e562f722b84e3557863b89b63cc55ac5dd504e1c
Size: 245KB
Sample: 221130-z6tq8sfd93
MD5: bc09fe65df4c3c4f72fab57a32d6321e
SHA1: 2c6c7f902da3c8aba207dd548b094d64c22f08d9
SHA256: cc711d85c8da2316e79d1158e562f722b84e3557863b89b63cc55ac5dd504e1c
SHA512: 41c25a4ee4873e1274fd3159d27503a5c4c7057da05bb07357eddc33fc7adeaac97a079f47d549538d7fcbbf290d0abfec36da4c5172d8c7e50ef9a4b0b76089
SSDEEP: 6144:jpuYPcJ3XpDq8InaUjsqCfs0TcTvT2w+703B8:jpmn8naDqCU0YTI03m
Static task: static1
Behavioral task: behavioral1
  Sample: cc711d85c8da2316e79d1158e562f722b84e3557863b89b63cc55ac5dd504e1c.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: cc711d85c8da2316e79d1158e562f722b84e3557863b89b63cc55ac5dd504e1c.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: metasploit
  encoder/call4_dword_xor
Targets
Target: cc711d85c8da2316e79d1158e562f722b84e3557863b89b63cc55ac5dd504e1c
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext