General
Target: 5e49f1ae60ee3e310958aca0aef37412
Size: 248KB
Sample: 240115-2p86pshda2
MD5: 5e49f1ae60ee3e310958aca0aef37412
SHA1: 9d8e496d16c36068a4ccb5d42ed4d0529199c94c
SHA256: d180bd5921c8c94d3f250722e21a26633d22e37c4b6e1a8b94f5302b5d531ddf
SHA512: a0c0fd561d80467870e2a3064be2fad2153f706365579f3d451ddbfaedc77c70941a788edcea21362e7eb6b6b3c7ea46eee921a680571e8f7cff4f801d42daaf
SSDEEP: 1536:PNUlDg0zwznq/9oY0ARaWw7m5J3MBLlkoBy+gM/njEO5b22IfyW+TVTJBm9vz3/y:QIKE5B3QpwRIL7L3G1ijK5QeuA
Static task
static1

Behavioral task
behavioral1
Sample: 5e49f1ae60ee3e310958aca0aef37412.exe
Resource: win7-20231215-en

Behavioral task
behavioral2
Sample: 5e49f1ae60ee3e310958aca0aef37412.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted (metasploit): encoder/shikata_ga_nai
Extracted (metasploit): windows/shell_reverse_tcp, connect-back address (LHOST:LPORT) 192.168.1.98:4444
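The two extracted entries above describe one artifact: an x86 windows/shell_reverse_tcp payload that dials back to 192.168.1.98:4444, wrapped in the shikata_ga_nai polymorphic XOR encoder. Two practical points follow. First, 192.168.1.98 is an RFC 1918 private address, so this looks like a lab or test payload rather than internet-reachable infrastructure. Second, shikata_ga_nai re-keys every time it runs, so the LHOST/LPORT bytes are not visible in the file on disk; a sandbox recovers them from memory after the decoder loop has executed. The script below is an added example, not code from this page, from Triage or from the Metasploit project. It shows how that recovery works on decoded bytes: the x86 windows/shell_reverse_tcp payload builds its sockaddr_in with `push <LHOST>; push 0x0002<LPORT>; mov esi, esp`, which is a stable 12-byte pattern an extractor can match. The input bytes are constructed here from the reported address so the example runs offline; the shikata_ga_nai stub shape is likewise a constructed, representative sample used only to show that the pattern is absent before decoding.

```python
import ipaddress
import re
import socket
import struct

# Constructed input (NOT bytes taken from the sample on this page): the 12-byte
# sockaddr_in setup that x86 windows/shell_reverse_tcp emits, built from the
# LHOST/LPORT reported above and padded with a few filler bytes on each side.
DECODED_PAYLOAD = (
    b"\xfc\xe8\x82\x00\x00\x00"                     # filler bytes (constructed)
    + b"\x68" + socket.inet_aton("192.168.1.98")    # push 0x6201a8c0  (LHOST, network byte order)
    + b"\x68\x02\x00" + struct.pack(">H", 4444)     # push 0x5c110002  (AF_INET=2, htons(4444)=0x115c)
    + b"\x89\xe6"                                   # mov esi, esp
    + b"\x6a\x10\x56\x57"                           # filler bytes (constructed)
)

# Constructed shape of a shikata_ga_nai decoder stub (assumption: representative,
# not bytes from this sample). The encoder always emits fnstenv [esp-0xc]
# (d9 74 24 f4) to recover EIP and clears its ECX loop counter with xor ecx,ecx;
# the key register, block order and the XOR key itself change on every run.
ENCODED_STUB = (
    b"\xd9\xee"                  # fldz
    + b"\xd9\x74\x24\xf4"        # fnstenv [esp-0xc]
    + b"\x5b"                    # pop ebx
    + b"\x31\xc9\xb1\x3b"        # xor ecx,ecx ; mov cl, 0x3b
    + b"\x31\x43\x17"            # xor [ebx+0x17], eax   (decode loop body)
    + b"\x83\xeb\xfc\x03\x43\x13"  # sub ebx,-4 ; add eax,[ebx+0x13]
)

# push imm32 <ip> ; push imm32 0x0002<port> ; mov esi, esp
SOCKADDR_RE = re.compile(rb"\x68(.{4})\x68\x02\x00(.{2})\x89\xe6", re.DOTALL)


def extract_reverse_tcp(buf: bytes):
    """Return [(host, port), ...] for every sockaddr_in build pattern found in buf."""
    hits = []
    for m in SOCKADDR_RE.finditer(buf):
        host = socket.inet_ntoa(m.group(1))        # immediate is already in network order
        (port,) = struct.unpack(">H", m.group(2))  # big-endian == htons()
        hits.append((host, port))
    return hits


def looks_like_shikata_ga_nai(buf: bytes) -> bool:
    """Heuristic only: the fixed GetPC idiom plus the ECX counter clear of the decoder."""
    return b"\xd9\x74\x24\xf4" in buf and b"\x31\xc9" in buf


def is_private_ipv4(host: str) -> bool:
    """RFC 1918 / loopback check so the analyst sees a lab address at a glance."""
    return ipaddress.ip_address(host).is_private


if __name__ == "__main__":
    # Run over the decoded bytes (what a memory dump after the decoder loop gives you).
    for host, port in extract_reverse_tcp(DECODED_PAYLOAD):
        print(f"windows/shell_reverse_tcp -> {host}:{port} (private: {is_private_ipv4(host)})")
    # The same pattern is not present in the still-encoded blob; only the stub is.
    print("shikata_ga_nai stub present:", looks_like_shikata_ga_nai(ENCODED_STUB))
    print("C2 visible before decoding:", extract_reverse_tcp(ENCODED_STUB))
```

Run the extractor over a process memory dump taken after the decoder has executed (or over the output of an emulator that has run the stub), not over the file on disk. The stub heuristic is deliberately loose because shikata_ga_nai randomises register choice and instruction order; treat a hit as a prompt to dump memory, not as a verdict on its own.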
Targets
Target: 5e49f1ae60ee3e310958aca0aef37412 (248KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE