General
-
Target
021944fb6a5f8018dd23cc84df1a4d5dd142485cb2d8022c0181fe392f9997a4
-
Size
1.8MB
-
Sample
240607-nl6dragd84
-
MD5
6929ac5d47064fb7d93dd7934165ce3b
-
SHA1
a88547a702047693823115f7909d99e4ec6e4181
-
SHA256
021944fb6a5f8018dd23cc84df1a4d5dd142485cb2d8022c0181fe392f9997a4
-
SHA512
c7af03cd229db6f872a15e36812f12eab61914f8f84018c6d4191e42a7f4d0bd927d704385bdf1de34aee3026bb17bcdc3bf3b94e261ed482d427a0b6d994675
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO096OGi93PnXixUmjkfe4o7AWibjwC/hR:/3d5ZQ1Ox3PXkUgWe4o0Win
Static task
static1
Behavioral task
behavioral1
Sample
021944fb6a5f8018dd23cc84df1a4d5dd142485cb2d8022c0181fe392f9997a4.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
021944fb6a5f8018dd23cc84df1a4d5dd142485cb2d8022c0181fe392f9997a4.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
Family
metasploit
Payload
windows/shell_reverse_tcp
C2
1.15.12.73:4567
Targets
-
Target
021944fb6a5f8018dd23cc84df1a4d5dd142485cb2d8022c0181fe392f9997a4
-
Size
1.8MB
-
MD5
6929ac5d47064fb7d93dd7934165ce3b
-
SHA1
a88547a702047693823115f7909d99e4ec6e4181
-
SHA256
021944fb6a5f8018dd23cc84df1a4d5dd142485cb2d8022c0181fe392f9997a4
-
SHA512
c7af03cd229db6f872a15e36812f12eab61914f8f84018c6d4191e42a7f4d0bd927d704385bdf1de34aee3026bb17bcdc3bf3b94e261ed482d427a0b6d994675
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO096OGi93PnXixUmjkfe4o7AWibjwC/hR:/3d5ZQ1Ox3PXkUgWe4o0Win
-
Metasploit
Detected a malicious payload belonging to the Metasploit Framework, likely generated with msfvenom or a similar tool.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Checks installed software on the system
Reads Uninstall key entries in the registry to enumerate the software installed on the system.
-
Enumerates connected drives
Attempts to read the root path of drives other than the default C: drive.
-
Drops file in System32 directory
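The extracted config (family metasploit, payload windows/shell_reverse_tcp, C2 1.15.12.73:4567) and the Metasploit signature above both rest on the same artefact: the sockaddr_in that the reverse_tcp stager builds on the stack. The script below is an added example, not Triage's extractor and not code from the sample. It scans a byte blob for the two forms that Metasploit's public block_reverse_tcp.asm emits (on x86 a `push <ip>` immediately followed by `push AF_INET | htons(port)`, on x64 a single `mov r12, imm64` carrying family, port and IP) and decodes the IP and port. The input bytes are constructed here from the reported C2; they are not bytes taken from the submitted file, and the helper names are mine.

```python
"""
Recover the C2 of a Metasploit reverse_tcp payload from raw bytes.

Added example for this report, not Triage's or Metasploit's code. Patterns
are the sockaddr_in setup from Metasploit's block_reverse_tcp.asm stagers:

  x86:  push <ip>                    68 ip ip ip ip
        push 0x0002 | htons(port)<<16  68 02 00 pH pL
  x64:  mov r12, imm64               49 BC 02 00 pH pL ip ip ip ip

(pH pL = port in network byte order; ip already in network byte order.)
"""
import re
import socket
import struct

# x86: push imm32 (IP) then push imm32 whose low word is AF_INET (2) and whose
# high word is htons(port). Matching two adjacent pushes is a heuristic, so
# results below are sanity-filtered rather than trusted blindly.
X86_PATTERN = re.compile(rb"\x68(?P<ip>.{4})\x68\x02\x00(?P<port>.{2})", re.DOTALL)

# x64: mov r12, imm64 with AF_INET in the low word, htons(port) above it and
# the IP in the high dword.
X64_PATTERN = re.compile(rb"\x49\xbc\x02\x00(?P<port>.{2})(?P<ip>.{4})", re.DOTALL)


def extract_reverse_tcp_c2(blob: bytes) -> list[tuple[str, str, int]]:
    """Return (arch, ip, port) for each plausible reverse_tcp sockaddr found.

    Only unencoded payloads are visible to byte matching: a payload wrapped
    by an encoder (e.g. shikata_ga_nai) has to be dumped from memory after it
    decodes itself before this will find anything.
    """
    hits = []
    for arch, pattern in (("x86", X86_PATTERN), ("x64", X64_PATTERN)):
        for m in pattern.finditer(blob):
            ip = socket.inet_ntoa(m.group("ip"))
            port = struct.unpack(">H", m.group("port"))[0]
            # Drop obvious junk matches (zeroed address or port).
            if port == 0 or ip == "0.0.0.0":
                continue
            hits.append((arch, ip, port))
    return hits


# --- constructed test inputs (hypothetical bytes, not from the sample) -------

def build_x86_sockaddr_pushes(ip: str, port: int) -> bytes:
    """Emit the x86 push pair exactly as the stager would encode ip:port."""
    return b"\x68" + socket.inet_aton(ip) + b"\x68\x02\x00" + struct.pack(">H", port)


def build_x64_sockaddr_mov(ip: str, port: int) -> bytes:
    """Emit the x64 'mov r12, imm64' exactly as the stager would encode ip:port."""
    return b"\x49\xbc\x02\x00" + struct.pack(">H", port) + socket.inet_aton(ip)


# A stager fragment built from this report's C2, surrounded by filler so the
# scan has to locate the pattern rather than assume offset 0.
CONSTRUCTED_X86 = (
    b"\x90" * 8
    + b"\x6a\x0a"                                    # push byte 10 (retry counter)
    + build_x86_sockaddr_pushes("1.15.12.73", 4567)  # push ip / push AF_INET|port
    + b"\x89\xe6"                                    # mov esi, esp
    + b"\xcc" * 8
)


if __name__ == "__main__":
    for arch, ip, port in extract_reverse_tcp_c2(CONSTRUCTED_X86):
        print(f"{arch} reverse_tcp C2: {ip}:{port}")
```

Run it against a memory dump or an unpacked payload rather than a packed on-disk file; a hit should be confirmed by disassembling around the offset so that a coincidental `68 .. 68 02 00 ..` sequence in data is not reported as a C2.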