General
-
Target
bd264dc9338106147892b6862bce81c7aee17227771740cba364050bbbe92e2f
-
Size
272KB
-
Sample
221206-xnvjpseb47
-
MD5
42336081866631ea1d378881a4f99a7a
-
SHA1
afdde5642b71a34564251ed4e166cf195ba11465
-
SHA256
bd264dc9338106147892b6862bce81c7aee17227771740cba364050bbbe92e2f
-
SHA512
ffbdeac9043cda0ab6f063225b6a536b2457b64dac78827a3a3c12790c4f1250c8c63b967664afa23e69a7e13c0baaacce137b6084b62a84d0fc4d5cce1cb943
-
SSDEEP
6144:B9FYQeeMiVusHFTtIM602a108XEWxLYAoanrxB7n2NP0ZQKcqTd/dJBuM7JKuDea:B9x31EWLkwjsAUJa
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
bd264dc9338106147892b6862bce81c7aee17227771740cba364050bbbe92e2f
-
Size
272KB
-
MD5
42336081866631ea1d378881a4f99a7a
-
SHA1
afdde5642b71a34564251ed4e166cf195ba11465
-
SHA256
bd264dc9338106147892b6862bce81c7aee17227771740cba364050bbbe92e2f
-
SHA512
ffbdeac9043cda0ab6f063225b6a536b2457b64dac78827a3a3c12790c4f1250c8c63b967664afa23e69a7e13c0baaacce137b6084b62a84d0fc4d5cce1cb943
-
SSDEEP
6144:B9FYQeeMiVusHFTtIM602a108XEWxLYAoanrxB7n2NP0ZQKcqTd/dJBuM7JKuDea:B9x31EWLkwjsAUJa
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-