General
Target: ob.exe
Size: 72KB
Sample: 240526-p6y1vafc84
MD5: a9cbb39c444099cc845042715642b3ae
SHA1: 172394be0eaebdd74a793d534d03fbd15ceebbb7
SHA256: 97e9d58c9203373d457756c312075cf6d529115df21b1ccb02e22d8808cd9b23
SHA512: 46c5cc4e604fa25267b721aa523b93a3b4169af497eb4dd8cb5a8495ecc44b028abd9948510d77b48ab01cb4e382f3b17699f1e9b8f8a992c4038f737948f894
SSDEEP: 1536:IU/VhJ9ojsHHRRL8Aoy07H7vpd87bpvOPbhMb+KR0Nc8QsJq39:t/7J9ojybL8ATUs7Qzhe0Nc8QsC9
Behavioral task: behavioral1
Sample: ob.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: ob.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
146.190.15.117:60170
Targets
Target: ob.exe
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Blocklisted process makes network request
Creates new service(s)
Executes dropped EXE
Drops file in System32 directory