General
Target: 6d50b80765be25fb693c82b1e1b64a0c
Size: 43KB
Sample: 240121-ppw5xscgar
MD5: 6d50b80765be25fb693c82b1e1b64a0c
SHA1: af6da1db2bf97f33d03f8931f38677fa42a86a94
SHA256: 29a01880e269ca6fc7d33d535ea9ee660f395253eb38d756e99f6452bb35ccc8
SHA512: a20a03f7d86dd3cd24dac928b74332c7e9ad3114e56eea7589cbd4cf8e4798d5b1e5ed22582e5129e518bb5d9657e90aca593c6ae52629bc5b12ce9dfbbc4a81
SSDEEP: 768:40hNv6tOXbX5faZByW8BzhkCYMnGwj4Xpuwo6UlMwSYqpIhSltu58nc:4ENv6krXtaZwBdT4Zu9/lXh2tu58c
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: aadrive32.exe
  Resource: win7-20231215-en
- Behavioral task: behavioral2
  Sample: aadrive32.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
Targets
Target: aadrive32.exe
Size: 72KB
MD5: cd3858270caa405f3741202d793b0858
SHA1: 01e28df7eaa5b6b8b103fe66cb3a4e2e76be620a
SHA256: 19d39e213ed8c48c58881363637a7f58ad0bc1ddba3af8d82740f30ddd901603
SHA512: d7f26a670f4717a989f8dd4cb9e70b043766608b0786602d7e86eba9ac0584489af134a3b27ff0aff8ded98909d174a3d57b58d6728f63ffe3407476ac9a3f1b
SSDEEP: 1536:zoJkCmdlq4hIR1NtPgQl3q5MMC3fDL2ssYVBt41462MTaUMMnMMMMMQqvuOYQIYp:zLdlq4hINllqM3f/5UMMnMMMMMX7I7Da
Score: 10/10
Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Adds policy Run key to start application
- Executes dropped EXE
- Adds Run key to start application