General
Target: wrar393es.exe
Size: 1.4MB
Sample: 240605-brv4rahh7y
MD5: 5de35fab0bd47243ebdab45b64cac273
SHA1: cee9d0dee8b91952ad03692c9485fe24ceff72e6
SHA256: 6e55531e2205c2f9242a9b2cd9303b60ec9699e0fab26b1e5a7f9f97136ad647
SHA512: 09a8b9d035c9fa67322f50f5a6d903b4bc5aa3028bcda1e218a48922b27baf1867180c754410c94dcc77013d31b7ea3f3a0d67ca8e542f23fbeaaf61a161db0d
SSDEEP: 24576:G38+om3OL/FTrSSZFY0KdfYhMSnb4biHUy+2PBUnNwhqSoocQhP5+BYbNDJu+6kL:G74/Fv9hKdfIvb2iH/JiNWVtcQh5+6ga
Static task: static1
Behavioral task: behavioral1
  Sample: wrar393es.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: wrar393es.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: metasploit
  windows/shell_reverse_tcp
  172.20.10.7:2425
Targets
Target: wrar393es.exe
Size: 1.4MB
MD5: 5de35fab0bd47243ebdab45b64cac273
SHA1: cee9d0dee8b91952ad03692c9485fe24ceff72e6
SHA256: 6e55531e2205c2f9242a9b2cd9303b60ec9699e0fab26b1e5a7f9f97136ad647
SHA512: 09a8b9d035c9fa67322f50f5a6d903b4bc5aa3028bcda1e218a48922b27baf1867180c754410c94dcc77013d31b7ea3f3a0d67ca8e542f23fbeaaf61a161db0d
SSDEEP: 24576:G38+om3OL/FTrSSZFY0KdfYhMSnb4biHUy+2PBUnNwhqSoocQhP5+BYbNDJu+6kL:G74/Fv9hKdfIvb2iH/JiNWVtcQh5+6ga
Score: 10/10
Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
  Event Triggered Execution (1): Change Default File Association (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)