General
Target: a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62.exe
Size: 124KB
Sample: 240507-byzeracd8y
MD5: 21d6b63327f1f57348899d5992d43102
SHA1: c1f72ac6dedd7817c094c41df3d9dd505675d93d
SHA256: a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62
SHA512: 0af75df0a6dfe44b33b03f4dc716c48db3a479f438fe0a9332b82cc832ffdb2d56254b073bfb67feed8c0f5516ede72a93f1de70e62c8ae9e9e9fd09f600d1cf
SSDEEP: 1536:IFaM5mTEVEQnqrZM5V3J6fgNWbMb+KR0Nc8QsJq3:iaMqEVEUWZulJGgNAe0Nc8QsC
Behavioral task: behavioral1
Sample: a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted: metasploit
  windows/reverse_tcp
  86.104.74.31:9981
Extracted: metasploit
  windows/reverse_winhttp
  https://86.104.74.31:2526/fd3zz0jliLkQrhGvdpeVpgk3G__x63mWh1gI58R0JEHOZwCxT5ADz_cyqt144D8WxjMAXj9F
  https://86.104.74.31:2526/2aG3s4BznEOv9K71yc0q_whJz7KSR0Komc11phDYyHAY4wSUj8VDKyDhXsEoYruZ__ETm7oRdSJL70mbAAEeUC4ro-qD0923WcnAgSKqHnnC9DI8EPIpBtptckd1TuHmekMEteXfbOd-7Gt49Bc9EVbWS2Shhc5U28c3m-3MY6lAR
Targets
Target: a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62.exe
Size: 124KB
MD5: 21d6b63327f1f57348899d5992d43102
SHA1: c1f72ac6dedd7817c094c41df3d9dd505675d93d
SHA256: a5d024a0be4a491e5004b9c4c1343fc172e210cc1bf78641d512c6fd9ec41f62
SHA512: 0af75df0a6dfe44b33b03f4dc716c48db3a479f438fe0a9332b82cc832ffdb2d56254b073bfb67feed8c0f5516ede72a93f1de70e62c8ae9e9e9fd09f600d1cf
SSDEEP: 1536:IFaM5mTEVEQnqrZM5V3J6fgNWbMb+KR0Nc8QsJq3:iaMqEVEUWZulJGgNAe0Nc8QsC
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- XMRig Miner payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory