General
-
Target
b133dcdcfb0b24ad9e785a5e9ec701a0072b71de77c3f66065a17b1eee3acf1dN.exe
-
Size
202KB
-
Sample
241220-ax7jasvngq
-
MD5
fbe5345d36c187ff6097937069209e20
-
SHA1
768bce8542cd07122d6874848e01d509fd0e93ef
-
SHA256
b133dcdcfb0b24ad9e785a5e9ec701a0072b71de77c3f66065a17b1eee3acf1d
-
SHA512
1b61d370a898f6b9543d73735202fd39969d8f4a1808a6f48fb21761c35e8ccbb5f75e9b02a6d5bf2cc17596a5ebf00ef4bdeff8087f1b9b3e4fbaae670f13fc
-
SSDEEP
3072:BRXdRefOZgmxAXRyBix3ugNebpQx3Kf3UT7YrTPo2PnZycxAAEgE1WeZH/CRuApd:jXDefmwk8ev/rToyMcxEgVeZiuuOs
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
b133dcdcfb0b24ad9e785a5e9ec701a0072b71de77c3f66065a17b1eee3acf1dN.exe
-
Size
202KB
-
MD5
fbe5345d36c187ff6097937069209e20
-
SHA1
768bce8542cd07122d6874848e01d509fd0e93ef
-
SHA256
b133dcdcfb0b24ad9e785a5e9ec701a0072b71de77c3f66065a17b1eee3acf1d
-
SHA512
1b61d370a898f6b9543d73735202fd39969d8f4a1808a6f48fb21761c35e8ccbb5f75e9b02a6d5bf2cc17596a5ebf00ef4bdeff8087f1b9b3e4fbaae670f13fc
-
SSDEEP
3072:BRXdRefOZgmxAXRyBix3ugNebpQx3Kf3UT7YrTPo2PnZycxAAEgE1WeZH/CRuApd:jXDefmwk8ev/rToyMcxEgVeZiuuOs
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-