General
- Target: a0a0ad6ae5130ccacef3a149f33d34581441b02ddf86576d2e62e4a127c05b63
- Size: 140KB
- Sample: 221205-mpxeksbe34
- MD5: ee22c659a9906b56a71903934fe4bad4
- SHA1: 5b362603ef42dcb02cbbefdf0031aa5b651535f1
- SHA256: a0a0ad6ae5130ccacef3a149f33d34581441b02ddf86576d2e62e4a127c05b63
- SHA512: 9ab5d4b3ab59e77de31f48b2ea03afaa1cea191ad7dd7d8fc8dd092368d763736e8138ea0f592aea4f3af4ea671941b6199586d3b0c8382a63696205f8f4b2f3
- SSDEEP: 3072:rM65IQk/moU+pcIjdVNucStRgSyj3L/jjqId4/tSzkrj:9k/mJ+pStRpyj3/HW/tSQ/
Static task
- static1

Behavioral task
- behavioral1
  - Sample: a0a0ad6ae5130ccacef3a149f33d34581441b02ddf86576d2e62e4a127c05b63.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: a0a0ad6ae5130ccacef3a149f33d34581441b02ddf86576d2e62e4a127c05b63.exe
  - Resource: win10v2004-20221111-en
Malware Config
- Extracted: metasploit
  - encoder/call4_dword_xor
Targets
- Target: a0a0ad6ae5130ccacef3a149f33d34581441b02ddf86576d2e62e4a127c05b63
- Size: 140KB
- MD5: ee22c659a9906b56a71903934fe4bad4
- SHA1: 5b362603ef42dcb02cbbefdf0031aa5b651535f1
- SHA256: a0a0ad6ae5130ccacef3a149f33d34581441b02ddf86576d2e62e4a127c05b63
- SHA512: 9ab5d4b3ab59e77de31f48b2ea03afaa1cea191ad7dd7d8fc8dd092368d763736e8138ea0f592aea4f3af4ea671941b6199586d3b0c8382a63696205f8f4b2f3
- SSDEEP: 3072:rM65IQk/moU+pcIjdVNucStRgSyj3L/jjqId4/tSzkrj:9k/mJ+pStRpyj3/HW/tSQ/
- Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext