General
- Target: 71013c2fbce711749e901cc6b5fe0c0f
- Size: 135KB
- Sample: 240124-a7tp7aeda2
- MD5: 71013c2fbce711749e901cc6b5fe0c0f
- SHA1: be5d6b9c138a51c6f499bc7d06748976d0e5dcc4
- SHA256: 986596412c6e4db352271c12ac27c73670c13a00df86b41705a57a50e5219dd6
- SHA512: d89e1aae58d277722be7244031ed1483ba12468e8afc3cb4aa7a174952f06b5480bb2dd7b2fa956035cc2d8b2ce1b69fabeae0b28babea60ddd0f8466b8fed12
- SSDEEP: 3072:V9XcDDKwNu4FRk+yblof0BBT98ydHnb6gNPsudmPfTv8R:VMNuqRByef0BF98TkPVIHL
Behavioral task: behavioral1
- Sample: 71013c2fbce711749e901cc6b5fe0c0f.exe
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: 71013c2fbce711749e901cc6b5fe0c0f.exe
- Resource: win10v2004-20231215-en
Malware Config
- Extracted: metasploit
- encoder/call4_dword_xor
Targets
- Target: 71013c2fbce711749e901cc6b5fe0c0f, 135KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General above)
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory