General
-
Target
8a5b93a246ad14c60ddcbd3ee8049c7aaf29eb828925ddf9f9d726688976ad8d
-
Size
692KB
-
Sample
240621-hg28mstglp
-
MD5
f61739639a4a306981f76031345127c8
-
SHA1
574ba58eede70d1e60092d03a4d66ee8b68af68a
-
SHA256
8a5b93a246ad14c60ddcbd3ee8049c7aaf29eb828925ddf9f9d726688976ad8d
-
SHA512
d8226e136ee80c1d0c0838ab798e77d947e6071a991cb8db4e3b359f888cc89aaed3e0bd47205262ce7877935cc39edce385f9855accf47c1b8de9a7a1266c5a
-
SSDEEP
12288:q6f13oK/cDVrSs0SYnI/BNq1egCJ1y0Vm1uIf59UcudQM9zU1Jok2fP4VD:q6ftojDBeSYnI/K1pCTywjGzh2
Behavioral task
behavioral1
Sample
8a5b93a246ad14c60ddcbd3ee8049c7aaf29eb828925ddf9f9d726688976ad8d.exe
Resource
win7-20240611-en
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Targets
-
-
Target
8a5b93a246ad14c60ddcbd3ee8049c7aaf29eb828925ddf9f9d726688976ad8d
-
Size
692KB
-
MD5
f61739639a4a306981f76031345127c8
-
SHA1
574ba58eede70d1e60092d03a4d66ee8b68af68a
-
SHA256
8a5b93a246ad14c60ddcbd3ee8049c7aaf29eb828925ddf9f9d726688976ad8d
-
SHA512
d8226e136ee80c1d0c0838ab798e77d947e6071a991cb8db4e3b359f888cc89aaed3e0bd47205262ce7877935cc39edce385f9855accf47c1b8de9a7a1266c5a
-
SSDEEP
12288:q6f13oK/cDVrSs0SYnI/BNq1egCJ1y0Vm1uIf59UcudQM9zU1Jok2fP4VD:q6ftojDBeSYnI/K1pCTywjGzh2
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-