General
-
Target
be0173862bf8aeb4a4b2cbac206b9696bfd367f84ee70d25b1138fdfa04a208d
-
Size
1.8MB
-
Sample
240523-j7tvmaae92
-
MD5
cb4ba6416cde10601ecab0c757c5e03e
-
SHA1
ec26d878ac04f33de2966a3bf1a333c1b7bd3283
-
SHA256
be0173862bf8aeb4a4b2cbac206b9696bfd367f84ee70d25b1138fdfa04a208d
-
SHA512
72c163a50e9f29f6019be181ba38fadfde8788acc392815661754b785bb4829b11a520c1c318357259d0e5a1ed991100db145dfa1dc9d74fc5d2bca6055327d1
-
SSDEEP
24576:R3vL762VhZBJ905EmMyPnQxhe4427l9BoUj3QC/hR:R3P6UZTHMW
Static task
static1
Behavioral task
behavioral1
Sample
be0173862bf8aeb4a4b2cbac206b9696bfd367f84ee70d25b1138fdfa04a208d.exe
Resource
win7-20240215-en
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Targets
-
-
Target
be0173862bf8aeb4a4b2cbac206b9696bfd367f84ee70d25b1138fdfa04a208d
-
Size
1.8MB
-
MD5
cb4ba6416cde10601ecab0c757c5e03e
-
SHA1
ec26d878ac04f33de2966a3bf1a333c1b7bd3283
-
SHA256
be0173862bf8aeb4a4b2cbac206b9696bfd367f84ee70d25b1138fdfa04a208d
-
SHA512
72c163a50e9f29f6019be181ba38fadfde8788acc392815661754b785bb4829b11a520c1c318357259d0e5a1ed991100db145dfa1dc9d74fc5d2bca6055327d1
-
SSDEEP
24576:R3vL762VhZBJ905EmMyPnQxhe4427l9BoUj3QC/hR:R3P6UZTHMW
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-