General
-
Target
9c1469f8ba783411fd423a514712ea7d
-
Size
436KB
-
Sample
240214-tc3jdsfg92
-
MD5
9c1469f8ba783411fd423a514712ea7d
-
SHA1
169c5eb0992408527bd2c5004159fe24275881d6
-
SHA256
aee0861cfce923acd94b0fd99412619f53d09a7c44147a460e0ac720de9f66a6
-
SHA512
f91731726d85cc5ddc846b49e7d7e22438ca5e639ab36edea11b78ba38892a451fc7a4d3ad9c4bac904d318dbbac32271a451aa415daf0a3c65177c60cfc0818
-
SSDEEP
6144:7WoLIrHuBwqWgshilBN77UZvsLPTJJaTdrZ9FHjOLVajAt7YHSSKj/Yem7wq4Mq7:6omO8hiDNUZvszXCd99wVajSqSnVdao
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
9c1469f8ba783411fd423a514712ea7d
-
Size
436KB
-
MD5
9c1469f8ba783411fd423a514712ea7d
-
SHA1
169c5eb0992408527bd2c5004159fe24275881d6
-
SHA256
aee0861cfce923acd94b0fd99412619f53d09a7c44147a460e0ac720de9f66a6
-
SHA512
f91731726d85cc5ddc846b49e7d7e22438ca5e639ab36edea11b78ba38892a451fc7a4d3ad9c4bac904d318dbbac32271a451aa415daf0a3c65177c60cfc0818
-
SSDEEP
6144:7WoLIrHuBwqWgshilBN77UZvsLPTJJaTdrZ9FHjOLVajAt7YHSSKj/Yem7wq4Mq7:6omO8hiDNUZvszXCd99wVajSqSnVdao
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-