General
-
Target
e7119b0df9876a2ea122e6538a7e495e00ac0e6e413c3e357bc66e2d6a32e711
-
Size
3.8MB
-
Sample
240923-whreesygpf
-
MD5
d8c068ec1c7b58234ea34abb43aec2b3
-
SHA1
1726cb220ebc06dc714721d1ea6dd18daeb9fc11
-
SHA256
e7119b0df9876a2ea122e6538a7e495e00ac0e6e413c3e357bc66e2d6a32e711
-
SHA512
b5b1323d90962065b498c1f710078b1984dcee077f8f462c67b856f77b789f6f9bc23708684ffb50e694b26d1cecf72f8ffad33fed9e865f40c6d9902bbdaff8
-
SSDEEP
98304:Qm8NFWr4ebMWqxhSA/hD/TK8zEjcwWyvUHQc:XApebMJxQA/B/TKaEwbygQc
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
192.168.8.134:50000
Targets
-
-
Target
e7119b0df9876a2ea122e6538a7e495e00ac0e6e413c3e357bc66e2d6a32e711
-
Size
3.8MB
-
MD5
d8c068ec1c7b58234ea34abb43aec2b3
-
SHA1
1726cb220ebc06dc714721d1ea6dd18daeb9fc11
-
SHA256
e7119b0df9876a2ea122e6538a7e495e00ac0e6e413c3e357bc66e2d6a32e711
-
SHA512
b5b1323d90962065b498c1f710078b1984dcee077f8f462c67b856f77b789f6f9bc23708684ffb50e694b26d1cecf72f8ffad33fed9e865f40c6d9902bbdaff8
-
SSDEEP
98304:Qm8NFWr4ebMWqxhSA/hD/TK8zEjcwWyvUHQc:XApebMJxQA/B/TKaEwbygQc
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-