General
-
Target
bed8bfd98f52640bdb142d886fb86b71c0cee1dd0c8d28d24b2f019829cf08a2
-
Size
1.8MB
-
Sample
240526-l7lv5afd34
-
MD5
6918979fcb2e5e36561de0da2c9eb0e9
-
SHA1
7ef356d519c119782ac2b71e0007d58e4537fc62
-
SHA256
bed8bfd98f52640bdb142d886fb86b71c0cee1dd0c8d28d24b2f019829cf08a2
-
SHA512
283ebdb3e05c8f4f4cb28ce68574e558da3bb7226059f4536a4d826518a01f4b1b89b425716c53e7d4ea6ea7cb0d005bd9da057f0d75979967505e6551beaa08
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO090OGi93bBodjwC/hR:/3d5ZQ1Yx3+
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Targets
-
-
Target
bed8bfd98f52640bdb142d886fb86b71c0cee1dd0c8d28d24b2f019829cf08a2
-
Size
1.8MB
-
MD5
6918979fcb2e5e36561de0da2c9eb0e9
-
SHA1
7ef356d519c119782ac2b71e0007d58e4537fc62
-
SHA256
bed8bfd98f52640bdb142d886fb86b71c0cee1dd0c8d28d24b2f019829cf08a2
-
SHA512
283ebdb3e05c8f4f4cb28ce68574e558da3bb7226059f4536a4d826518a01f4b1b89b425716c53e7d4ea6ea7cb0d005bd9da057f0d75979967505e6551beaa08
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO090OGi93bBodjwC/hR:/3d5ZQ1Yx3+
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-