General
Target: d603c3c02aa3f97e185f86b99a9eb66f802d61e1c231365f460db0f18cb19603
Size: 138KB
Sample: 221203-em1efsch46
MD5: 0d02eac01292ac73c342ad70defca1b6
SHA1: c1d13cc087647dce843aa6b31f20042480ee26ba
SHA256: d603c3c02aa3f97e185f86b99a9eb66f802d61e1c231365f460db0f18cb19603
SHA512: eb96baf0c383b5d72ec00632c1650f06b49d256cb3086efe328fe6a1defdb643a1455da2973a1afe13fa2ceb40471e03b1ec491d8285ec202e543e126face93e
SSDEEP: 3072:5R2K6PFDICAgPDkqabSoC5s8b3HH0TfFGc842FCl:+K69DbDj88rIFj842O
Static task: static1
Behavioral task: behavioral1
- Sample: d603c3c02aa3f97e185f86b99a9eb66f802d61e1c231365f460db0f18cb19603.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: d603c3c02aa3f97e185f86b99a9eb66f802d61e1c231365f460db0f18cb19603.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: metasploit
- encoder/call4_dword_xor
Targets
Target: d603c3c02aa3f97e185f86b99a9eb66f802d61e1c231365f460db0f18cb19603
Size: 138KB
MD5: 0d02eac01292ac73c342ad70defca1b6
SHA1: c1d13cc087647dce843aa6b31f20042480ee26ba
SHA256: d603c3c02aa3f97e185f86b99a9eb66f802d61e1c231365f460db0f18cb19603
SHA512: eb96baf0c383b5d72ec00632c1650f06b49d256cb3086efe328fe6a1defdb643a1455da2973a1afe13fa2ceb40471e03b1ec491d8285ec202e543e126face93e
SSDEEP: 3072:5R2K6PFDICAgPDkqabSoC5s8b3HH0TfFGc842FCl:+K69DbDj88rIFj842O
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Executes dropped EXE
- Modifies Windows Firewall
- Deletes itself
- Drops file in System32 directory