General
Target: 994af8b2aab42a023940e7bc5e693fb435cfc167264e85f1b5f339aad0e60447
Size: 1.1MB
Sample: 240525-qtvckaec3s
MD5: a7a7570f35c66da1041279344481b878
SHA1: 6abf7331f6553b4f5f76fba1a12405c697cb6bd5
SHA256: 994af8b2aab42a023940e7bc5e693fb435cfc167264e85f1b5f339aad0e60447
SHA512: 9c0b9086e2fba213f949fc2ac1bf7a1b847bf414c836c750498f169125fbb999639fe18f28cccf9e743fd01474ab7282887b684150e70be385ab18110796ac9a
SSDEEP: 24576:uubsnafAPykB/Sg4amW5lRqjV2HQro+io5wZpmzOo43gNtQo:wbpS6mW5KOQrb35wZpuOo1Nx
Static task: static1
Behavioral task: behavioral1
  Sample: 994af8b2aab42a023940e7bc5e693fb435cfc167264e85f1b5f339aad0e60447.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 994af8b2aab42a023940e7bc5e693fb435cfc167264e85f1b5f339aad0e60447.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: metasploit
windows/download_exec
http://47.242.225.31:7736/c/msdownload/update/others/2022/07/4212356
Headers: User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40
Targets
Target: 994af8b2aab42a023940e7bc5e693fb435cfc167264e85f1b5f339aad0e60447
Size: 1.1MB
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL