General
-
Target
841779538166f59d0fb4dad773e461d1310ba118e89b80959b64a4d16b2a8ec8
-
Size
64KB
-
Sample
221203-km5l3ahc22
-
MD5
652faf8262e1022d57ab1c7648708b4d
-
SHA1
6d3abf202eadaeac5518cdce56d52c646ccae4bb
-
SHA256
841779538166f59d0fb4dad773e461d1310ba118e89b80959b64a4d16b2a8ec8
-
SHA512
8af64c22a039fd5ef2fd1bfa2fbe9b9f89cd7da91fb623581f910506ac4a9b0e22f2e9a63a982623205a50bb833e50400eea0a6fa90e58f97a6b176939b396d2
-
SSDEEP
768:Dhh/56iZTOTaBk2O6mglJNm+t9rrb74kUDXSb9jfUTDWRYxIK0IzJT/RLRaY:DpJZTOeJPlJNbvrrAkQShTR+nzp/9oY
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
841779538166f59d0fb4dad773e461d1310ba118e89b80959b64a4d16b2a8ec8
-
Size
64KB
-
MD5
652faf8262e1022d57ab1c7648708b4d
-
SHA1
6d3abf202eadaeac5518cdce56d52c646ccae4bb
-
SHA256
841779538166f59d0fb4dad773e461d1310ba118e89b80959b64a4d16b2a8ec8
-
SHA512
8af64c22a039fd5ef2fd1bfa2fbe9b9f89cd7da91fb623581f910506ac4a9b0e22f2e9a63a982623205a50bb833e50400eea0a6fa90e58f97a6b176939b396d2
-
SSDEEP
768:Dhh/56iZTOTaBk2O6mglJNm+t9rrb74kUDXSb9jfUTDWRYxIK0IzJT/RLRaY:DpJZTOeJPlJNbvrrAkQShTR+nzp/9oY
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-