General
Target: 464d75dbdcf6f1d63548ae38cc526bffed1c2230cdc566cbfefedc5f1dbf37d8.exe
Size: 686KB
Sample: 240707-nfnlratblg
MD5: 4cc83c1d4ec13a4af32da81c6b04351f
SHA1: 870bffd2f93673d0b370f28a2d84f8df0cc5a112
SHA256: 464d75dbdcf6f1d63548ae38cc526bffed1c2230cdc566cbfefedc5f1dbf37d8
SHA512: 6b5015d8498e548792cafbe2d9a6ef422d117d3d869d8493d35ef8c2276c689fee59894dd9625c8222b450c96fd62a4e65794cfd5d99208b76ca6bc6f0916453
SSDEEP: 12288:nsaY8rL/gEqsKwjPFNrYDBg7/r5Mt7jDFwHKfZMJjkn0br9ExYLPee2ig4k4hBF8:B/rLjqLmPFNrYDa7/6tXDGqfZMtlbS0E
Behavioral task: behavioral1
Sample: 464d75dbdcf6f1d63548ae38cc526bffed1c2230cdc566cbfefedc5f1dbf37d8.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 464d75dbdcf6f1d63548ae38cc526bffed1c2230cdc566cbfefedc5f1dbf37d8.exe
Resource: win10v2004-20240704-en
Malware Config
Extracted: metasploit
Payload: windows/reverse_tcp
C2: 192.168.0.101:5555
Targets
Target: 464d75dbdcf6f1d63548ae38cc526bffed1c2230cdc566cbfefedc5f1dbf37d8.exe
Score: 10/10

Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL