General
-
Target
f8fb4fa9ae5c4b9e0b9fbd9c5b14baef4a2f420d1cea1e7cb32825aea398068e
-
Size
1.8MB
-
Sample
240425-g3hkpage4z
-
MD5
349051517c0183d7f6d3332f3866ef95
-
SHA1
43243e0f90155f807d0897f7e60fb450e534cd80
-
SHA256
f8fb4fa9ae5c4b9e0b9fbd9c5b14baef4a2f420d1cea1e7cb32825aea398068e
-
SHA512
b6408410c4db6bec234dea4373ededaf5c170f5c65c9abc35f8e72bf775503933cfc5030686677a9eb949c364d29c99ffd841a1dda79379ec81e766c2957b08e
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09jOGi93bBodjwC/hR:/3d5ZQ1lx3+
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Targets
-
-
Target
f8fb4fa9ae5c4b9e0b9fbd9c5b14baef4a2f420d1cea1e7cb32825aea398068e
-
Size
1.8MB
-
MD5
349051517c0183d7f6d3332f3866ef95
-
SHA1
43243e0f90155f807d0897f7e60fb450e534cd80
-
SHA256
f8fb4fa9ae5c4b9e0b9fbd9c5b14baef4a2f420d1cea1e7cb32825aea398068e
-
SHA512
b6408410c4db6bec234dea4373ededaf5c170f5c65c9abc35f8e72bf775503933cfc5030686677a9eb949c364d29c99ffd841a1dda79379ec81e766c2957b08e
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09jOGi93bBodjwC/hR:/3d5ZQ1lx3+
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-