General
-
Target
21d6b63327f1f57348899d5992d43102.exe
-
Size
124KB
-
Sample
240506-hs393scg6t
-
MD5
21d6b63327f1f57348899d5992d43102
-
SHA1
c1f72ac6dedd7817c094c41df3d9dd505675d93d
-
SHA256
a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62
-
SHA512
0af75df0a6dfe44b33b03f4dc716c48db3a479f438fe0a9332b82cc832ffdb2d56254b073bfb67feed8c0f5516ede72a93f1de70e62c8ae9e9e9fd09f600d1cf
-
SSDEEP
1536:IFaM5mTEVEQnqrZM5V3J6fgNWbMb+KR0Nc8QsJq3:iaMqEVEUWZulJGgNAe0Nc8QsC
Malware Config
Extracted
metasploit
windows/reverse_tcp
86.104.74.31:9981
Extracted
metasploit
windows/reverse_winhttp
https://86.104.74.31:2526/-zHGcUeWz9B__H79GcT_vw6fiq3ZfacoOpiicZAQdFSopE75-m6Wh8pyNy-ksrVkep8OUw6qQpG4yOZsQ6Mj6I-cfdAG
https://86.104.74.31:2526/QFdn-an7LHXwH_EelidwNALmab8nbAeOtEi1Yl3P72-JNCwyowwFlk68eXfNDS9-kdqb4r2ePQlozfgaqz7zjmwbWEZMELNzJghq2QD2e7G_n7TOWCrhIRiQxMb-xV3inm-tt9SwNaVUoFkq4CgzV-6j1O22d4xaPK9AAHu57c34Y6kcLN8ei3gF2cPwQM-A52_6XfA8FqJ0ov95KWITQ
Targets
-
-
Target
21d6b63327f1f57348899d5992d43102.exe
-
Size
124KB
-
MD5
21d6b63327f1f57348899d5992d43102
-
SHA1
c1f72ac6dedd7817c094c41df3d9dd505675d93d
-
SHA256
a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62
-
SHA512
0af75df0a6dfe44b33b03f4dc716c48db3a479f438fe0a9332b82cc832ffdb2d56254b073bfb67feed8c0f5516ede72a93f1de70e62c8ae9e9e9fd09f600d1cf
-
SSDEEP
1536:IFaM5mTEVEQnqrZM5V3J6fgNWbMb+KR0Nc8QsJq3:iaMqEVEUWZulJGgNAe0Nc8QsC
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
XMRig Miner payload
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Downloads MZ/PE file
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-