General
- Target: 21d6b63327f1f57348899d5992d43102.exe
- Size: 124KB
- Sample: 240506-hs7x9scg6w
- MD5: 21d6b63327f1f57348899d5992d43102
- SHA1: c1f72ac6dedd7817c094c41df3d9dd505675d93d
- SHA256: a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62
- SHA512: 0af75df0a6dfe44b33b03f4dc716c48db3a479f438fe0a9332b82cc832ffdb2d56254b073bfb67feed8c0f5516ede72a93f1de70e62c8ae9e9e9fd09f600d1cf
- SSDEEP: 1536:IFaM5mTEVEQnqrZM5V3J6fgNWbMb+KR0Nc8QsJq3:iaMqEVEUWZulJGgNAe0Nc8QsC
Behavioral tasks
- behavioral1
  - Sample: 21d6b63327f1f57348899d5992d43102.exe
  - Resource: win7-20231129-en
- behavioral2
  - Sample: 21d6b63327f1f57348899d5992d43102.exe
  - Resource: win10v2004-20240419-en
Malware Config
- Extracted: metasploit
  - Payload: windows/reverse_tcp
  - C2: 86.104.74.31:9981
- Extracted: metasploit
  - Payload: windows/reverse_winhttp
  - C2: https://86.104.74.31:2526/RA16f452MojHbcZsoVVHLwfmf2LL2vv_SyIdICyt06x8VXvrljLTg45B5Cw-8HN4Y6yGrVqLDLgnNYf6PspY3fW_UMqKFdRHaVgq5uFm4HN74-I_qCQMu1aA9HzMzSUh35FOziD5j5xcZnHTbA9p3F83Gh0GW05Phn8V2CUDEsBs7HHQyiXfFHvkQmaThVabGuTM2tXrih9GR_arJptYF_frrhl634
  - C2: https://86.104.74.31:2526/ikfdrhy-qkcCVANVZGyCLw-WZQJ__3gJI6bV47gaYkMVSsAScxNyy
Targets
- Target: 21d6b63327f1f57348899d5992d43102.exe
- Score: 10/10
- Signatures:
  - MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  - XMRig Miner payload
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory