General
Target: Water_Adobe_Scan_Feb_27_2024.pdf
Size: 1011KB
Sample: 240229-2dp9fsec8w
MD5: 79c9682e3d336e6fe8def3c4d33e5b29
SHA1: aaf833f0e5f620a8b84d7790d62d5c9cc0e64aa4
SHA256: 6b87d771156f68d09093d798abb1abd7fa4c1f951affb629c1ee3cf2e423fb6d
SHA512: 5338d354704813bb476afba55fa37a70be90f28fce56bc53390dc97f69c071a423df0f94bf3e6ec66b90f0c85b1cab60b907c18945cc9d39f8270b4c2e998cad
SSDEEP: 12288:BMfmSu1qUHH0UQNCGf6ryEoX1MWV0NkeSmWKyLbLI6HVvjzx5nEsBCqdJX2G/7+h:B5DUSaXFFBQOzxlEsBl+ZpC8q8

Behavioral tasks
behavioral1 - Sample: Water_Adobe_Scan_Feb_27_2024.pdf, Resource: win7-20240221-en
behavioral2 - Sample: Water_Adobe_Scan_Feb_27_2024.pdf, Resource: win10v2004-20240226-en
behavioral3 - Sample: Water_Adobe_Scan_Feb_27_2024.exe, Resource: win7-20240221-en
behavioral4 - Sample: Water_Adobe_Scan_Feb_27_2024.exe, Resource: win10v2004-20240226-en

Malware Config
Extracted (metasploit): encoder/shikata_ga_nai
Extracted (metasploit): windows/reverse_http, URL: http://76.128.80.129:9787/25goz-yhLfg-Kj8rW8s-wg4G7fAT8

Targets
Target: Water_Adobe_Scan_Feb_27_2024.pdf
Size: 1011KB
Score: 1/10

Target: Water_Adobe_Scan_Feb_27_2024.pdf
Size: 120KB
MD5: 1541e0bb046d31ba7eaa2fbf606df09c
SHA1: de9c548823391fbcc02d598da5ee703d655005f7
SHA256: ca26ea8e59fe41773d2b3652449ec3fc6a73edd6413b3109d2a7f04712ddc05b
SHA512: 4dd80e31f75d2d75f1dfcb74cc060863bef7541d455abdba4531e4fa5f622127f4f5369b49bdea79a79dcac4ca6cddda82e37f541b249f22de3000b1e7494561
SSDEEP: 1536:/zjoAkSVRoidt3NIEzK1I0ZjwZ61cBsYvIch8RwW0IHAufngu5Nr2O1vHkt9um:/HuSVKidFNI1ZRqORp4ufFm
Score: 10/10
Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.