General
Target: 9f90eea616a2e0c3ead2f6599d262bd5bfdfd14ff881261d792749b574116efe
Size: 1.5MB
Sample: 240417-jtg9nshc86
MD5: 9a418e10572edcc25c70b30749732077
SHA1: ceeadb6629c7d5ea6e3342da957254ea37390336
SHA256: 9f90eea616a2e0c3ead2f6599d262bd5bfdfd14ff881261d792749b574116efe
SHA512: 83e5e4e80b7852d936289bdbdd817845a523a2ab5e3b3c5442f8bf78285cbd9211e21a15425ec3567bd9ad7c5f40ab4a11c378963a17d58b5bd54baf22c3b638
SSDEEP: 24576:cubsnafAPyjdNmJkjm1K5aPBCs/ViEIKr55PjbDrOQyAPP/cE:SIdEimBCoNbvXn/l

Static task: static1

Behavioral task: behavioral1
  Sample: 9f90eea616a2e0c3ead2f6599d262bd5bfdfd14ff881261d792749b574116efe.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 9f90eea616a2e0c3ead2f6599d262bd5bfdfd14ff881261d792749b574116efe.exe
  Resource: win10v2004-20240412-en

Malware Config
Extracted
  Family: metasploit
  Payload: windows/reverse_tcp
  Connect-back address: 47.120.6.114:4444

Targets
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL