General
-
Target
21cc4b252c5c1acd98a075a299e7a929e53138ec3ee4e5b66920e3d8107440b4N
-
Size
252KB
-
Sample
240921-kssjpatgln
-
MD5
e4ed055c8bb12f3e97eed72634b41be0
-
SHA1
0906b7fc355f475695799cc046b7d496bd2346fa
-
SHA256
21cc4b252c5c1acd98a075a299e7a929e53138ec3ee4e5b66920e3d8107440b4
-
SHA512
5980e7a22d1d952df78f0e70191fd1fbf0ff10e2381937a9cbf1f16b073d56d1346a9308b8a938b16e4efcc69cbc7c3a65418ff246de12d9e0a62a0f44126435
-
SSDEEP
6144:i8qTImoqYir+SU/cxnBcPJxFByfzV5QNCxcMg3iaTP1QScfhV:2IqYiKS2cxBKJxkV5QpD3iaTPeScP
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
21cc4b252c5c1acd98a075a299e7a929e53138ec3ee4e5b66920e3d8107440b4N
-
Size
252KB
-
MD5
e4ed055c8bb12f3e97eed72634b41be0
-
SHA1
0906b7fc355f475695799cc046b7d496bd2346fa
-
SHA256
21cc4b252c5c1acd98a075a299e7a929e53138ec3ee4e5b66920e3d8107440b4
-
SHA512
5980e7a22d1d952df78f0e70191fd1fbf0ff10e2381937a9cbf1f16b073d56d1346a9308b8a938b16e4efcc69cbc7c3a65418ff246de12d9e0a62a0f44126435
-
SSDEEP
6144:i8qTImoqYir+SU/cxnBcPJxFByfzV5QNCxcMg3iaTP1QScfhV:2IqYiKS2cxBKJxkV5QpD3iaTPeScP
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-