General

Target: c393950740b0b2e19ce640511930d23c35f7d86a79fc456906e2b7a2445d53a8
Size: 264KB
Sample: 221203-gbnydshf27
MD5: c8163be8a4317e06cdb97b33b805d9a1
SHA1: 581f759e03d7a9b4721b490e27a794ae28e5753c
SHA256: c393950740b0b2e19ce640511930d23c35f7d86a79fc456906e2b7a2445d53a8
SHA512: 90801fc802ca8e970599e5823ef645813dc0d2c585cacf15d9580304b66a245c4d34704284bb21cca677e3a371438ab24018f840e6842652231e211ad18c7fbb
SSDEEP: 6144:w/UvChJWQnyLCRvEVcZqHsmDUSnR3nbnPnn8nbnPnn8nbnPnn8nbnPnn8nbnPnn8:wqChJjntRgACpVR
Static task: static1

Behavioral task: behavioral1
Sample: c393950740b0b2e19ce640511930d23c35f7d86a79fc456906e2b7a2445d53a8.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: c393950740b0b2e19ce640511930d23c35f7d86a79fc456906e2b7a2445d53a8.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted: metasploit, encoder/call4_dword_xor. In this Metasploit encoder the payload body is XOR-encoded one dword at a time with a fixed 4-byte key; the small decoder stub in front of it recovers its own address with a `call $+4` / `pop esi` trick and then XORs the body back in place before jumping into it.
Targets

Target: c393950740b0b2e19ce640511930d23c35f7d86a79fc456906e2b7a2445d53a8 (264KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures:
- Metasploit: detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read to detect sandbox environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext