General
-
Target
c993c6d0b6435f0d581dc1564321a2f485435e90152546bf2fdb79a4a5f3a8dd
-
Size
3.7MB
-
Sample
240629-e5z7eatgmp
-
MD5
4fcb38f72900884de000d6b31a3b7283
-
SHA1
29ffe01229ca98a9724749d8e5400b868a4f6c2d
-
SHA256
c993c6d0b6435f0d581dc1564321a2f485435e90152546bf2fdb79a4a5f3a8dd
-
SHA512
f8a04170bde430c691fc99b249b2cb4ac088295f523599837b18857775607fa9894057d846330ccccca35e7e0677801d2fa7b51073547c375b03dc2fba652295
-
SSDEEP
98304:h1W+kIBGY5GK8/5b1mYCKC0peAMA9kRvv44J4P8w:hI+38/51C+peAMAynzJ4P8
Behavioral task
behavioral1
Sample
c993c6d0b6435f0d581dc1564321a2f485435e90152546bf2fdb79a4a5f3a8dd.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
c993c6d0b6435f0d581dc1564321a2f485435e90152546bf2fdb79a4a5f3a8dd.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
192.168.204.138:1234
Targets
-
-
Target
c993c6d0b6435f0d581dc1564321a2f485435e90152546bf2fdb79a4a5f3a8dd
-
Size
3.7MB
-
MD5
4fcb38f72900884de000d6b31a3b7283
-
SHA1
29ffe01229ca98a9724749d8e5400b868a4f6c2d
-
SHA256
c993c6d0b6435f0d581dc1564321a2f485435e90152546bf2fdb79a4a5f3a8dd
-
SHA512
f8a04170bde430c691fc99b249b2cb4ac088295f523599837b18857775607fa9894057d846330ccccca35e7e0677801d2fa7b51073547c375b03dc2fba652295
-
SSDEEP
98304:h1W+kIBGY5GK8/5b1mYCKC0peAMA9kRvv44J4P8w:hI+38/51C+peAMAynzJ4P8
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-