General
Target: e326a44a93b71ab5d70a9ec008b27f2bc39d714024c62c9bb9838fc0ccd4e818
Size: 1.8MB
Sample: 240621-ebv1laxelb
MD5: ddf939ac9206bc2454a0c8c233e12914
SHA1: ae736d221f03d5ea522e506d345e9a3b6b57bbfc
SHA256: e326a44a93b71ab5d70a9ec008b27f2bc39d714024c62c9bb9838fc0ccd4e818
SHA512: 76feac0bd9730d1841eab00d4c5d1aeee08eabb0dec648d6853dc454765b500f3225a8b186ccbf82e907c631a7e43d9579ecbedbd65e24702e4bf39a1620aa14
SSDEEP: 24576:/3vLRdVhZBK8NogWYO09mOGi9JdLegMZt4zEyje0sMsvjwC/hR:/3d5ZQ1SxJhL2h0J+
Static task: static1
Behavioral task: behavioral1
Sample: e326a44a93b71ab5d70a9ec008b27f2bc39d714024c62c9bb9838fc0ccd4e818.exe
Resource: win7-20240221-en
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Targets
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Drops file in Drivers directory
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.