General
-
Target
d06b193a1450b2080022de62dc8bff1133109f9099c1f49fd5ef15c0970a3d18
-
Size
337KB
-
Sample
221203-ez2haadg75
-
MD5
6a20ef4501aff056f0f7b9c8cd4e4a90
-
SHA1
c8c2b558665070f54247e52a0eae2677b753f946
-
SHA256
d06b193a1450b2080022de62dc8bff1133109f9099c1f49fd5ef15c0970a3d18
-
SHA512
44ce65d9f5a13b5765c361cc66b84f8a3797c574d5ce3874159ab7d6e4b5a9caa72d58e74c5a468378d1f1299f7b8dc3bfd2d46da0c39a25ac5d155137ef24d1
-
SSDEEP
6144:Qpgt/6vW7LYrR2G6vBxDVwkfPcAdeXVXHKTnrBdSTl:4gh7EF16JxDV/fPGXVXHKTnrBd
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
d06b193a1450b2080022de62dc8bff1133109f9099c1f49fd5ef15c0970a3d18
-
Size
337KB
-
MD5
6a20ef4501aff056f0f7b9c8cd4e4a90
-
SHA1
c8c2b558665070f54247e52a0eae2677b753f946
-
SHA256
d06b193a1450b2080022de62dc8bff1133109f9099c1f49fd5ef15c0970a3d18
-
SHA512
44ce65d9f5a13b5765c361cc66b84f8a3797c574d5ce3874159ab7d6e4b5a9caa72d58e74c5a468378d1f1299f7b8dc3bfd2d46da0c39a25ac5d155137ef24d1
-
SSDEEP
6144:Qpgt/6vW7LYrR2G6vBxDVwkfPcAdeXVXHKTnrBdSTl:4gh7EF16JxDV/fPGXVXHKTnrBd
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-