General
-
Target
f284c0b06e7364fb9de855e9c0ea56241d4ba0ed812e6d7a8546e0a020ca0cc3
-
Size
82KB
-
Sample
221204-nvsh9aeg73
-
MD5
3a797c6b84c1eaa0e6e2162dfb779ae4
-
SHA1
8d0655a0555e2a0a405f315b940033f66e97f01d
-
SHA256
f284c0b06e7364fb9de855e9c0ea56241d4ba0ed812e6d7a8546e0a020ca0cc3
-
SHA512
01d84bae4b65b91a659c5b0148e7ddea12c5cd425753d1b69445d8e5e01d4a50ffb01dd55dc31b0e00f5857ffb2f8365e00d6bc9809d21f3c737ddefcdd8bd63
-
SSDEEP
1536:/xD/Bg3V3iYs7zNzSTJ2BDiEXJIH/5JSeybOet4Pn7vb13Q/lX:FsyF7pG0+sJCnsbft4P7zK/F
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
f284c0b06e7364fb9de855e9c0ea56241d4ba0ed812e6d7a8546e0a020ca0cc3
-
Size
82KB
-
MD5
3a797c6b84c1eaa0e6e2162dfb779ae4
-
SHA1
8d0655a0555e2a0a405f315b940033f66e97f01d
-
SHA256
f284c0b06e7364fb9de855e9c0ea56241d4ba0ed812e6d7a8546e0a020ca0cc3
-
SHA512
01d84bae4b65b91a659c5b0148e7ddea12c5cd425753d1b69445d8e5e01d4a50ffb01dd55dc31b0e00f5857ffb2f8365e00d6bc9809d21f3c737ddefcdd8bd63
-
SSDEEP
1536:/xD/Bg3V3iYs7zNzSTJ2BDiEXJIH/5JSeybOet4Pn7vb13Q/lX:FsyF7pG0+sJCnsbft4P7zK/F
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies firewall policy service
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-