General
Target: 87228f163d1422a94f0bc4b5e58eda0f4bb51615d8146ec3c873f0b6987319a3
Size: 1.8MB
Sample: 240517-rqkjmabe5v
MD5: bcbf6cde461ac107ad366b4aafc162a8
SHA1: 478fc541027e351de18e2b70f0218e82ce828e98
SHA256: 87228f163d1422a94f0bc4b5e58eda0f4bb51615d8146ec3c873f0b6987319a3
SHA512: 6ab0a6d8c288d30db2aefa593d7e82526a7cde2d54411e2f373d67d1a31e34323ce63ddcd633eae14f32f58afe3c355d90c01d973f45d417c1d70a93b8a0944f
SSDEEP: 24576:R3vL762VhZBJ905EmMyPnQxhe4627l9BoUj3QC/hR:R3P6UZTHeW
Static task: static1
Behavioral task: behavioral1
Sample: 87228f163d1422a94f0bc4b5e58eda0f4bb51615d8146ec3c873f0b6987319a3.exe
Resource: win7-20240220-en
Malware Config
Extracted: metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Targets
MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
Drops file in Drivers directory
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.