General
Target: ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f
Size: 249KB
Sample: 221203-fm1kwsba9y
MD5: 1bed964735e9a19f4e1ca09e8a61e60d
SHA1: 53105df2de13bf0416d09c88a2c254221e60e9ae
SHA256: ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f
SHA512: 32656feb69915b41289e72bb6608eb4c385d77b62285f4ea9fd09dfd6c5b6a6cc0287174457f43e6227efb9f3f2c7362709b9739927907db03f994f7b6c115ad
SSDEEP: 3072:azGbs5CPFpid7aB+PuUoEPnBRUzPkPWv5WKuznt+DxME/+Veo/B6dcLSHaSVLkB9:RbrpkB/nBmFunUm56dqYy
Static task: static1
Behavioral task: behavioral1
  Sample: ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: metasploit
Encoder: encoder/call4_dword_xor
Targets
Target: ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f
Size: 249KB
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext