General
-
Target
5d878c0c7ce0f8d20e4de8bd57a502ca
-
Size
1.1MB
-
Sample
240115-tqh2xabacp
-
MD5
5d878c0c7ce0f8d20e4de8bd57a502ca
-
SHA1
0bce863674ec0532af22a434ea3b2f598dcf36b7
-
SHA256
1e6ed8aa1ac3c551fa968840f8073123a5b32bfd69f7ccfb8318cef47026c0d4
-
SHA512
d9db95de879eb453937606e31e1fc16532eafc83720ed92913abd1dbb8b2008c62ff96c6260216bcd0a8fdf255f9e184a823d9347f4c04e8c27faf80b9ce21be
-
SSDEEP
12288:xpb/ir7hhARq3/T4GHQSRvJ/ulYPCz+HavEwEQFrN:xt/ir7bAK/ZFMlY8+HN9w
Behavioral task
behavioral1
Sample
5d878c0c7ce0f8d20e4de8bd57a502ca.exe
Resource
win7-20231129-en
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
5d878c0c7ce0f8d20e4de8bd57a502ca
-
Size
1.1MB
-
MD5
5d878c0c7ce0f8d20e4de8bd57a502ca
-
SHA1
0bce863674ec0532af22a434ea3b2f598dcf36b7
-
SHA256
1e6ed8aa1ac3c551fa968840f8073123a5b32bfd69f7ccfb8318cef47026c0d4
-
SHA512
d9db95de879eb453937606e31e1fc16532eafc83720ed92913abd1dbb8b2008c62ff96c6260216bcd0a8fdf255f9e184a823d9347f4c04e8c27faf80b9ce21be
-
SSDEEP
12288:xpb/ir7hhARq3/T4GHQSRvJ/ulYPCz+HavEwEQFrN:xt/ir7bAK/ZFMlY8+HN9w
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-