General
-
Target
e594bc9977776c0d9f625ebbfcc689441252171e726fb153a5160f5b1fda911e
-
Size
242KB
-
Sample
221203-dy59eaea8t
-
MD5
685ced71365f0dc66285fad77c8be101
-
SHA1
f1ccb96b94e1aeb9ae663c9e6e3452f1b7792be4
-
SHA256
e594bc9977776c0d9f625ebbfcc689441252171e726fb153a5160f5b1fda911e
-
SHA512
7c8b9baf56cec99c9cc7396e52ac4aefc85a4cb81a6ab37f4d7c3c04a368a26050decf214a2fcbc0ccf8a35054cd59988a4446283a5f823dcff90246e84001c7
-
SSDEEP
3072:4Zdm54ZB1O/1+0Lj30nxHP6NinYnpC5e6WmBd9tR6FhGM5+1HQcgWkHYvLEbj2zj:YHMZLj3shMinYnpJvgntmreJgWk9
Static task
static1
Behavioral task
behavioral1
Sample
e594bc9977776c0d9f625ebbfcc689441252171e726fb153a5160f5b1fda911e.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
e594bc9977776c0d9f625ebbfcc689441252171e726fb153a5160f5b1fda911e.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
e594bc9977776c0d9f625ebbfcc689441252171e726fb153a5160f5b1fda911e
-
Size
242KB
-
MD5
685ced71365f0dc66285fad77c8be101
-
SHA1
f1ccb96b94e1aeb9ae663c9e6e3452f1b7792be4
-
SHA256
e594bc9977776c0d9f625ebbfcc689441252171e726fb153a5160f5b1fda911e
-
SHA512
7c8b9baf56cec99c9cc7396e52ac4aefc85a4cb81a6ab37f4d7c3c04a368a26050decf214a2fcbc0ccf8a35054cd59988a4446283a5f823dcff90246e84001c7
-
SSDEEP
3072:4Zdm54ZB1O/1+0Lj30nxHP6NinYnpC5e6WmBd9tR6FhGM5+1HQcgWkHYvLEbj2zj:YHMZLj3shMinYnpJvgntmreJgWk9
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies firewall policy service
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-