General
Target: 482108fbb466a1a178f67e4408c0751955dd587fa56ee6f6485511c785b40b40
Size: 186KB
Sample: 241130-13jmjaxjcv
MD5: b47c94d3a3f02875f66865fb0b730988
SHA1: 077ec3265559e3a4ba56c79013e1f5c0e494c467
SHA256: 482108fbb466a1a178f67e4408c0751955dd587fa56ee6f6485511c785b40b40
SHA512: 2c75c27fb8edebfa32f0d1d9e126046577fb41d80acf0075b2e8baa632839363f7da9d1f2d193dd0b0b055a6dac0b6da065348cd475c65d7fc2067b47e6db595
SSDEEP: 3072:71qgiTJiDB6t5KakPrYUYAkDl36xokKLAiC6LndU0XRcQYkI9pNh971:ziqakD9ScoKVundPOQHCVD
Static task: static1
Behavioral task: behavioral1
  Sample: 482108fbb466a1a178f67e4408c0751955dd587fa56ee6f6485511c785b40b40.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 482108fbb466a1a178f67e4408c0751955dd587fa56ee6f6485511c785b40b40.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
Targets
Target: 482108fbb466a1a178f67e4408c0751955dd587fa56ee6f6485511c785b40b40
-
Size
186KB
-
MD5
b47c94d3a3f02875f66865fb0b730988
-
SHA1
077ec3265559e3a4ba56c79013e1f5c0e494c467
-
SHA256
482108fbb466a1a178f67e4408c0751955dd587fa56ee6f6485511c785b40b40
-
SHA512
2c75c27fb8edebfa32f0d1d9e126046577fb41d80acf0075b2e8baa632839363f7da9d1f2d193dd0b0b055a6dac0b6da065348cd475c65d7fc2067b47e6db595
-
SSDEEP
3072:71qgiTJiDB6t5KakPrYUYAkDl36xokKLAiC6LndU0XRcQYkI9pNh971:ziqakD9ScoKVundPOQHCVD
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Metasploit family
Modifies firewall policy service
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
Drops file in System32 directory
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1): Windows Service (1)
Defense Evasion
  Impair Defenses (1): Disable or Modify System Firewall (1)
  Modify Registry (2)