General
Target: 07ec066e55624b529b44cb22a81d7909ef12b18b45414cee22a9bc467a94ef1b
Size: 40KB
Sample: 240419-wy6t2sbg97
MD5: f2a590ede2edbe08bb4f99eca0424b2b
SHA1: d4fe4e37dab1fe0b562920fc350b2f5133a37847
SHA256: 07ec066e55624b529b44cb22a81d7909ef12b18b45414cee22a9bc467a94ef1b
SHA512: 0f379cf2d73afa13e47a917e9752736b9c11c3cf5a17e33af63a1b2c87c92659134e2717a1e67503961e52d0a7176ab64000e5d508f55b9b7835711a434cc168
SSDEEP: 768:4IVkJD7tmkB2N3XUYkowqPiInNnZyvLGl94TdU376p7e+hIMRauCMkOIQJ:4IVa7Ik0N3X2ovP3nNnayl9mU376dPF9
Behavioral task: behavioral1
Sample: de64f766c5148db03d216ee7b88ba1ab51b74e4b34aa6ef7315882d0881c71eb.dll
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: de64f766c5148db03d216ee7b88ba1ab51b74e4b34aa6ef7315882d0881c71eb.dll
Resource: win10v2004-20240412-en
Malware Config
Extracted: metasploit
- windows/download_exec
- http://90aaaeb62492.ngrok.io:80/Th2n
- headers: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
Targets
Target: de64f766c5148db03d216ee7b88ba1ab51b74e4b34aa6ef7315882d0881c71eb
Size: 71KB
MD5: 05d0dbfe2b283d68835bad401b2d1f29
SHA1: f05d782d30707b43e924a3839aeaa93aea64e77a
SHA256: de64f766c5148db03d216ee7b88ba1ab51b74e4b34aa6ef7315882d0881c71eb
SHA512: a22d84d88cf938fe421e43e02be54449d99926de00664cd20d4d2aa6f5206789c69177db891169f2597a1648e28bddbdbd2c345df51c2f075698a0213773809e
SSDEEP: 1536:otNzVQFop4QflDN7rdWkfrZZgsWccdl/AToP08Y:yDRptlDN7Jfrjcl/ATc08Y
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2