General
Target: b708a5985eb5315a18bada34e80304fdc33f2a13640e650ee4bc651451f77544
Size: 304KB
Sample: 221203-azksbaab57
MD5: 835d904ac7ea20217958ddbeaa87b7c9
SHA1: b9af85cc71b37a3e4e32f086b566d7cc1357dd71
SHA256: b708a5985eb5315a18bada34e80304fdc33f2a13640e650ee4bc651451f77544
SHA512: 8d694798062e1ca55d056dc4e8a31a25fa367330e24f2957d218f0779c3d62d0bf294f654aa9897209945f8a4043eea6da9fbcbaa8a5352e39199d1b9c28124f
SSDEEP: 6144:dMIasDkaLPlgnMDHr96BjnLi7k2kqD5XJH8pVaQKH:tPl5gnLx2kqxF8y
Static task: static1
Behavioral task: behavioral1
- Sample: b708a5985eb5315a18bada34e80304fdc33f2a13640e650ee4bc651451f77544.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: b708a5985eb5315a18bada34e80304fdc33f2a13640e650ee4bc651451f77544.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
Targets
Target: b708a5985eb5315a18bada34e80304fdc33f2a13640e650ee4bc651451f77544 (304KB; hashes as listed under General)
Score: 10/10
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Signatures:
- Adds policy Run key to start application
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext