General
Target: 6e2d8686cfea2d3179f01002b5728f5d
Size: 344KB
Sample: 240121-31csbacbcj
MD5: 6e2d8686cfea2d3179f01002b5728f5d
SHA1: 7925d3e77125485a9bcae61378a0458a278bff31
SHA256: 85580bf956411dd11ed45e6e3217e8b17ff7ac4fd3b3fdc120388a4eabef0ba0
SHA512: f35fd5cf1fd0edc6c1886e5969b61991deed8539a97988e5d589f21425d051952422daff80bcbaf651ab5d767ac4c018263530e39dbe2242b9d282f2081e0e98
SSDEEP: 6144:Sn3HgNUJYH+71wXU9tPkIHut6TGvS1OuAD6SYBPTRKhrakaJXNs:Sn3EUJNtPkIOgTGKoVEBPTROUXNs
Static task: static1

Behavioral task: behavioral1
Sample: igfxctv32.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: igfxctv32.exe
Resource: win10v2004-20231222-en

Behavioral task: behavioral3
Sample: wmpctv32.exe
Resource: win7-20231129-en

Behavioral task: behavioral4
Sample: wmpctv32.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
Targets

Target: igfxctv32.exe
Size: 139KB
MD5: b5202ea069462c2e8b64ff72100faa28
SHA1: 7ffd5668f76d34515eb979bc38dde3b4daf84f74
SHA256: d445f21a4bd3aa1d61ad5e26df3535e611d44b1d9c70149987ee6979f8e9d3e4
SHA512: 02a1edf3721d8c471f254dcb7dbf0a5b7ed7448e8f37e218fe5f8429b81dff501eb9edf97b628f4eaa4c204ed809349bd3434d6fde8c7988084689a1366670a1
SSDEEP: 3072:1whYNSrlVZOlVbKLbHLAxY1RThXrz6hI+hc99r4T183HtlNNuA:Sm6oVbu74Y1RThXr914wH9QA
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext

Target: wmpctv32.exe
Size: 139KB
MD5: faab0a19040cdb5368b2237656a5cdde
SHA1: 7e040852bc17ac3b032d9c9282d3cbd102286d40
SHA256: 7524641ec7d2124e05c0aa2a4b874d022d7546a168c3e1fc6719cf2d7dd757a8
SHA512: 8be91fe5fe76b0eee45e1681f493d484419ecee704dc2e8e18cc13a5f1b0d86185a70680220c40c3dde20d733a2a36e3b8833cf5b4808cb46dbff35a6beadd78
SSDEEP: 3072:F92m5lHWg7MG2KfdzY3cPX321W8DQsalsDVMTJxxaw4vZI6IUw:b7Z7KZ3ccXalamJqG6Id
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext