General
Target: 710d0f94bdbafa9c8fea31e1cee68ec3
Size: 138KB
Sample: 240124-bl13taegf8
MD5: 710d0f94bdbafa9c8fea31e1cee68ec3
SHA1: 27212dd4c3c1f3bfc824bc1396e524454f3ebbd4
SHA256: 8189ce03cc9aaf3bff8a2880ec7e43809858af1e16db629b86be33d6c9557fcb
SHA512: bc4072139c9f718a6571917bc2653ca2584e964dfdb976b8bc8c0f8265d4188e5fa16f92f937cb79974177035e4fe39ba75545bb6a11dbdde455efd6e76c7117
SSDEEP: 3072:EXDYgAo12dmS7WYvMiPe2cZNedRKOxycw26cXa0RDozXgn:8jZ12dt7WxiPe28Ne3jMcw2pXa0ezM
Static task: static1
Behavioral task: behavioral1
  Sample: 710d0f94bdbafa9c8fea31e1cee68ec3.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 710d0f94bdbafa9c8fea31e1cee68ec3.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
Targets
Target: 710d0f94bdbafa9c8fea31e1cee68ec3 (138KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext: SetThreadContext is the call that redirects a (typically suspended) thread to attacker-controlled code in process hollowing and thread-hijacking injection; on its own it is a heuristic, so confirm the target process and the new instruction pointer before treating it as injection.
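The extracted config names Metasploit's call4_dword_xor encoder, which is also what the MetaSploit signature above keys on. The Python below is an added example and is not part of this report or of the Metasploit Framework: it reproduces the encoder's layout (an ecx counter setup, a fixed decoder stub carrying the 4-byte XOR key, then the payload XORed dword by dword with that key), scans a buffer for the stub, recovers the key and block count, and decodes the payload. The stub bytes are written down from my recollection of modules/encoders/x86/call4_dword_xor.rb and should be checked against the framework source; the key, payload and surrounding bytes in the sample are constructed.

```python
"""Find and decode x86/call4_dword_xor-encoded shellcode (added example, not from the report)."""
import re
import struct

# Fixed part of the decoder stub, reproduced from memory of Metasploit's
# modules/encoders/x86/call4_dword_xor.rb (assumption: verify against the source):
#   e8 ff ff ff ff        call $+4            ; lands on the last ff byte
#   ff c0                 inc eax             ; that ff byte doubles as an opcode
#   5e                    pop esi             ; esi -> the c0 byte
#   81 76 0e KK KK KK KK  xor [esi+0x0e], key ; esi+0x0e = first encoded dword
#   83 ee fc              sub esi, -4         ; advance one dword
#   e2 f4                 loop                ; repeat ecx times
STUB_HEAD = b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
STUB_TAIL = b"\x83\xee\xfc\xe2\xf4"
STUB_RE = re.compile(re.escape(STUB_HEAD) + b"(.{4})" + re.escape(STUB_TAIL), re.DOTALL)

# Counter setup preceding the stub: clear ecx, then "sub ecx, -blocks" with an
# imm8 or imm32. The framework may pick other badchar-free sequences; those fall
# back to decoding to the end of the buffer.
COUNTER_IMM8 = re.compile(rb"(?:\x29\xc9|\x31\xc9)\x83\xe9(.)\Z", re.DOTALL)
COUNTER_IMM32 = re.compile(rb"(?:\x29\xc9|\x31\xc9)\x81\xe9(.{4})\Z", re.DOTALL)


def xor_dwords(data: bytes, key: bytes) -> bytes:
    """XOR every 4-byte block with the same 4-byte key (the encoder does not mutate the key)."""
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))


def pad4(payload: bytes) -> bytes:
    """Pad with x86 NOPs to a multiple of 4, since the stub decodes whole dwords."""
    return payload + b"\x90" * (-len(payload) % 4)


def encode_call4_dword_xor(payload: bytes, key: bytes) -> bytes:
    """Build counter + stub + encoded payload, mirroring the encoder's layout."""
    if len(key) != 4:
        raise ValueError("key must be 4 bytes")
    payload = pad4(payload)
    blocks = len(payload) // 4
    if blocks <= 127:
        counter = b"\x29\xc9\x83\xe9" + struct.pack("<b", -blocks)
    else:
        counter = b"\x29\xc9\x81\xe9" + struct.pack("<i", -blocks)
    return counter + STUB_HEAD + key + STUB_TAIL + xor_dwords(payload, key)


def find_call4_dword_xor(buf: bytes) -> list:
    """Return one dict per stub found: offset, key, block count (or None) and decoded payload."""
    hits = []
    for m in STUB_RE.finditer(buf):
        key = m.group(1)
        prefix = buf[max(0, m.start() - 8):m.start()]
        blocks = None
        m8 = COUNTER_IMM8.search(prefix)
        m32 = COUNTER_IMM32.search(prefix)
        if m8:
            blocks = -struct.unpack("<b", m8.group(1))[0]
        elif m32:
            blocks = -struct.unpack("<i", m32.group(1))[0]
        if blocks is not None and blocks <= 0:
            blocks = None  # not a plausible count; fall back to the heuristic
        avail = (len(buf) - m.end()) // 4
        n = avail if blocks is None else min(blocks, avail)
        enc = buf[m.end():m.end() + n * 4]
        hits.append({"offset": m.start(), "key": key, "blocks": blocks,
                     "payload": xor_dwords(enc, key)})
    return hits


# Constructed sample: junk, then an encoded inert stand-in for shellcode, then trailing junk.
KEY = b"\x13\x37\xbe\xef"                               # constructed key
PAYLOAD = b"\xcc\xcc\xcc\xcc" + b"CONSTRUCTED-NOT-REAL-SHELLCODE"  # constructed, inert
SAMPLE = b"MZ" + b"\x00" * 30 + encode_call4_dword_xor(PAYLOAD, KEY) + b"\xff" * 16

if __name__ == "__main__":
    for hit in find_call4_dword_xor(SAMPLE):
        print(f"stub at 0x{hit['offset']:x}, key {hit['key'].hex()}, "
              f"blocks {hit['blocks']}: {hit['payload']!r}")
```

The fixed bytes in STUB_HEAD and STUB_TAIL are the same ones a YARA rule or sandbox signature would anchor on; the key sits between them at a fixed offset, so triage of a sample like this one is a matter of locating the stub, reading the key and XORing the bytes that follow. Run it against a dumped memory region or the extracted section rather than the packed file if the stub is not found in the PE on disk.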