General
-
Target
kips.msi
-
Size
156KB
-
Sample
240418-nt8h3sda7z
-
MD5
644e282d7104e80e9c767ebd3e23504b
-
SHA1
641dccafd79592638a907b513d68783d7806b778
-
SHA256
b875cc8967f0e9fc08d3cdaf19bd860b1137c46ff2b267550cb358b75e04debe
-
SHA512
17e26a16cfc806b97f31c096f094b6bdf3ec117d5d6fa717ccd6ac2a9a549ac3097b9844b28eb82ed56634f0fc296c1cd7a055a5fb6594292228a094e36356e9
-
SSDEEP
1536:Ek7KbqJYPlY+7MfOtvSiGf1hbBrBH7e9zZ2Mb+KR0Nc8QsJq3UDj0D:v7KbHlY+7fvSp9hVF4Ee0Nc8QsC
Behavioral task
behavioral1
Sample
kips.msi
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
kips.msi
Resource
win10v2004-20240226-en
Malware Config
Extracted
metasploit
windows/reverse_tcp
20.117.115.123:443
Targets
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-