General
-
Target
ac40d0faab088c5c6025608bee2a19e7ca6434d375ba641d25c58dc365cef118.exe
-
Size
457KB
-
Sample
241123-pezhasvjhv
-
MD5
92d6ba61a7abad1157873743d8c99ff0
-
SHA1
7147f50c341b1d51a0454db30c67d75368541c4d
-
SHA256
ac40d0faab088c5c6025608bee2a19e7ca6434d375ba641d25c58dc365cef118
-
SHA512
b0ef35271d78f34575be5b3aeecfe3698214ac7232b5e22a07edc7cc12073f0754635568e82db8508f9c57c4a846ff9db1bf18a2b1c2bba34343735b05427afe
-
SSDEEP
6144:8SrEWDl7s5t38dX6pKE4dU7kpoTcnFOHuln+Otc+EkzI8jSejCE8aKP3sGvL4hcJ:8SgbP/GFK9Akld9g/+OuV8IRCw
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
192.168.1.36:6060
Targets
-
-
Target
ac40d0faab088c5c6025608bee2a19e7ca6434d375ba641d25c58dc365cef118.exe
-
Size
457KB
-
MD5
92d6ba61a7abad1157873743d8c99ff0
-
SHA1
7147f50c341b1d51a0454db30c67d75368541c4d
-
SHA256
ac40d0faab088c5c6025608bee2a19e7ca6434d375ba641d25c58dc365cef118
-
SHA512
b0ef35271d78f34575be5b3aeecfe3698214ac7232b5e22a07edc7cc12073f0754635568e82db8508f9c57c4a846ff9db1bf18a2b1c2bba34343735b05427afe
-
SSDEEP
6144:8SrEWDl7s5t38dX6pKE4dU7kpoTcnFOHuln+Otc+EkzI8jSejCE8aKP3sGvL4hcJ:8SgbP/GFK9Akld9g/+OuV8IRCw
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-