General
Target: bc275e53bb36047b5cb68b40ac6b5a9e170599b39f0c4ea4bb781dce3fa20461
Size: 401KB
Sample: 240418-hjlzfadh26
MD5: afcd5cc03a3f1ad37809812677874828
SHA1: bd2f9c861440b5b050a9bb7cf1b7785d2bc4bbac
SHA256: bc275e53bb36047b5cb68b40ac6b5a9e170599b39f0c4ea4bb781dce3fa20461
SHA512: 924e0d9e9b8cee9b0250fca5e3074419b253d7332b23e71920377eaf38f7e4578086303acaf141fee428f6370d0c3dc2b6380da8a0877534625877afcf8043fe
SSDEEP: 12288:uubsNSOetfARQAPyGU2X+tZ/iU5rhd4Ws0H1o:uubsnafAPyjt/iKrJ9H1o
Static task: static1
Behavioral task: behavioral1
Sample: bc275e53bb36047b5cb68b40ac6b5a9e170599b39f0c4ea4bb781dce3fa20461.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: bc275e53bb36047b5cb68b40ac6b5a9e170599b39f0c4ea4bb781dce3fa20461.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
Family: metasploit
Payload: windows/reverse_tcp
C2: 192.168.72.128:1234
C2: 192.168.72.128:1111
Targets
Target: bc275e53bb36047b5cb68b40ac6b5a9e170599b39f0c4ea4bb781dce3fa20461 (hashes and size as listed under General above)
Score: 10/10
Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE