General
- Target: 74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43
- Size: 179KB
- Sample: 221203-bjasvabh22
- MD5: e7f36826c44c8fea5ad90ca38f3434ac
- SHA1: 31cc06746f0a55ea578dc852e4ce32db98802371
- SHA256: 74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43
- SHA512: b1e79a6ff61266c0867c9af0e2d9e1af864562c9de0577d4856b656575df6d5362bcfcb64f7de4590f6882ab8930ed0e4ab8abddf08fc40aaedd9b646b71d52c
- SSDEEP: 3072:g0Lh0KNHQ80N8m+5/KJKC35nB00LA8De3vtS+x68F+Hcpw:g0L8NDMuDc9+8S+x6+tw
Static task: static1
Behavioral task: behavioral1
- Sample: 74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43.exe
- Resource: win10v2004-20220812-en
Malware Config
- Extracted: metasploit
- Encoder: encoder/call4_dword_xor
Targets
- Target: 74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43 (179KB; hashes identical to the General section)
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext