General
- Target: 0015ff099bfe6db3ad0140b89f6d950cf59510a16aa871be69d1fb77909078b0
- Size: 5.0MB
- Sample: 240117-lg8xzaddd4
- MD5: bd0707fba6e2afdcea44e9e926dd15d8
- SHA1: 609b18501328fbf088d1f8e4135bf5f6777cecce
- SHA256: 0015ff099bfe6db3ad0140b89f6d950cf59510a16aa871be69d1fb77909078b0
- SHA512: 5f78957b673ab5fc57dcfc8450797c65c47b43236017dc551826667c012f939c744cbf374d1c37bb9c2d6245b0f7f7e95128795678b5c47e8c182b4e7a93a98d
- SSDEEP: 49152:RX4YuvLkpJZficvhYKicHpdK0BiqhR7dYAMiJyujasIu7X+llMyXpx8aQ4gbVLOu:KNYk
Static task
- static1
Behavioral task
- behavioral1 (Sample: 0015ff099bfe6db3ad0140b89f6d950cf59510a16aa871be69d1fb77909078b0.exe; Resource: win7-20231215-en)
Behavioral task
- behavioral2 (Sample: 0015ff099bfe6db3ad0140b89f6d950cf59510a16aa871be69d1fb77909078b0.exe; Resource: win10v2004-20231215-en)
Malware Config
Extracted
- metasploit: encoder/shikata_ga_nai
Extracted
- metasploit: windows/reverse_tcp, 104.194.78.162:9003
Targets
- Target: 0015ff099bfe6db3ad0140b89f6d950cf59510a16aa871be69d1fb77909078b0
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Executes dropped EXE
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger