General
-
Target
bfe4dd8f4b70ff21513bd90df1982fe1
-
Size
152KB
-
Sample
240311-fh5n2scd38
-
MD5
bfe4dd8f4b70ff21513bd90df1982fe1
-
SHA1
f41dff487ae30eeaeb2159a7af9e2a41f5b252d6
-
SHA256
5362c0ba88764556afd6e7542faabb26d0ff703c881c80f4727d3e207bdcebba
-
SHA512
edb4cef1e721807b39b23d3f9138c99b0d1ea35818868c67718c37579495675d33b4b709bc5b226d86d7962ca3f237579fefb0c6e388b4433ff430573e12b607
-
SSDEEP
3072:c0MrOBetRJ2stF11+vzvwArnjExyZGvaQw:c04xZtF13k0C
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
bfe4dd8f4b70ff21513bd90df1982fe1
-
Size
152KB
-
MD5
bfe4dd8f4b70ff21513bd90df1982fe1
-
SHA1
f41dff487ae30eeaeb2159a7af9e2a41f5b252d6
-
SHA256
5362c0ba88764556afd6e7542faabb26d0ff703c881c80f4727d3e207bdcebba
-
SHA512
edb4cef1e721807b39b23d3f9138c99b0d1ea35818868c67718c37579495675d33b4b709bc5b226d86d7962ca3f237579fefb0c6e388b4433ff430573e12b607
-
SSDEEP
3072:c0MrOBetRJ2stF11+vzvwArnjExyZGvaQw:c04xZtF13k0C
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-