General
-
Target
4ce17e3af0347f9ef9b3be6ceb62aa56a226989b5ea352eb40dc26c040b3b39b
-
Size
1.8MB
-
Sample
240424-1ctd2saa98
-
MD5
10569f7547f796863ca0068a42eebb85
-
SHA1
862ac08fcac0c75ba286904c5a8cdfa914e903f2
-
SHA256
4ce17e3af0347f9ef9b3be6ceb62aa56a226989b5ea352eb40dc26c040b3b39b
-
SHA512
e55d0e3ea9d363d36af3629060b2e5c61c52b5f9c4d9c12d25ec638c1d826bbb301e87c2cf780575d7762e69b96bc13e41ce0ad29a37fc75b20950ba3b4c3fdf
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09/OGi933YiWdCMJ5QxmjwC/hR:/3d5ZQ1Vx3IiW0MbQxA
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Targets
-
-
Target
4ce17e3af0347f9ef9b3be6ceb62aa56a226989b5ea352eb40dc26c040b3b39b
-
Size
1.8MB
-
MD5
10569f7547f796863ca0068a42eebb85
-
SHA1
862ac08fcac0c75ba286904c5a8cdfa914e903f2
-
SHA256
4ce17e3af0347f9ef9b3be6ceb62aa56a226989b5ea352eb40dc26c040b3b39b
-
SHA512
e55d0e3ea9d363d36af3629060b2e5c61c52b5f9c4d9c12d25ec638c1d826bbb301e87c2cf780575d7762e69b96bc13e41ce0ad29a37fc75b20950ba3b4c3fdf
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09/OGi933YiWdCMJ5QxmjwC/hR:/3d5ZQ1Vx3IiW0MbQxA
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-