General
-
Target
b38c50805347b551640cac5223de86b0f98e73fe7c786000411aae3517d6d583
-
Size
3.6MB
-
Sample
240122-zdjqkadeh3
-
MD5
674273131768429eb76ae60b2c1b7b62
-
SHA1
f107738be1d4a0c7306bbd7b21168093a1525244
-
SHA256
b38c50805347b551640cac5223de86b0f98e73fe7c786000411aae3517d6d583
-
SHA512
0826762c85337f767521c206c8f2232ea493f23f2f060a8f43c668b3b9c13b64b75b2d5adc6d6322b87b7b2fcbb859b4a02bc84652ab74381ee24f60fcc9db68
-
SSDEEP
98304:HTyXLwBG1SqaMx+Ww1hWP0DG7nYKk5qt:HTBACwwDDI9iq
Static task
static1
Behavioral task
behavioral1
Sample
b38c50805347b551640cac5223de86b0f98e73fe7c786000411aae3517d6d583.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
b38c50805347b551640cac5223de86b0f98e73fe7c786000411aae3517d6d583.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
192.168.223.130:1453
Targets
-
-
Target
b38c50805347b551640cac5223de86b0f98e73fe7c786000411aae3517d6d583
-
Size
3.6MB
-
MD5
674273131768429eb76ae60b2c1b7b62
-
SHA1
f107738be1d4a0c7306bbd7b21168093a1525244
-
SHA256
b38c50805347b551640cac5223de86b0f98e73fe7c786000411aae3517d6d583
-
SHA512
0826762c85337f767521c206c8f2232ea493f23f2f060a8f43c668b3b9c13b64b75b2d5adc6d6322b87b7b2fcbb859b4a02bc84652ab74381ee24f60fcc9db68
-
SSDEEP
98304:HTyXLwBG1SqaMx+Ww1hWP0DG7nYKk5qt:HTBACwwDDI9iq
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-