General
-
Target
crmupgrade21.exe
-
Size
72KB
-
Sample
240418-lpj9ksaf8t
-
MD5
6a7642f9a5461f70dab19dd92c50974d
-
SHA1
75520be33ba850e84143143c6a7b117a5e6c69b2
-
SHA256
3e8e4d0767e877737176e69e2ddb7c82984487b4bdc201b8b9c35d67f284b8b1
-
SHA512
e4200bb5314d2b2026644c111ad32870f7089b097872b4c585d3f801d112d0c354d1db6f548f8445731b1ace26ad60cbea33dd13abfe0379dc477d8a55bb7b61
-
SSDEEP
1536:Ixhl6Mdwzx/mL+L715U1QceDhlMb+KR0Nc8QsJq39:e36Mdwzx/mL+4QjFle0Nc8QsC9
Malware Config
Extracted
metasploit
windows/reverse_tcp
3.84.34.113:53
Targets
-
-
Target
crmupgrade21.exe
-
Size
72KB
-
MD5
6a7642f9a5461f70dab19dd92c50974d
-
SHA1
75520be33ba850e84143143c6a7b117a5e6c69b2
-
SHA256
3e8e4d0767e877737176e69e2ddb7c82984487b4bdc201b8b9c35d67f284b8b1
-
SHA512
e4200bb5314d2b2026644c111ad32870f7089b097872b4c585d3f801d112d0c354d1db6f548f8445731b1ace26ad60cbea33dd13abfe0379dc477d8a55bb7b61
-
SSDEEP
1536:Ixhl6Mdwzx/mL+L715U1QceDhlMb+KR0Nc8QsJq39:e36Mdwzx/mL+4QjFle0Nc8QsC9
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-