General

Target: 8f1ff7c9eb8b16e31acbfe157a07fc439566d25536e64d9a6310bc821ddbc101
Size: 1.8MB
Sample: 241021-tmz61sydrg
MD5: 00d9bcbe1d72f02d15f4c52f9c16827f
SHA1: 593ec632f954046e0fc6a50d20047a8d296cd9ef
SHA256: 8f1ff7c9eb8b16e31acbfe157a07fc439566d25536e64d9a6310bc821ddbc101
SHA512: 5be6173f112d46cb3920d32f048294a7fb9a0c775cd1f6882ebc3a921b6f83f104b6617dd1583a4b75725fa9ce53cdaa9c57cc69c5ca77252be4187a5967f6ea
SSDEEP: 24576:R3vL762VhZBJ905EmMyPnQxhe4627l9BoUj3QC/hR:R3P6UZTHeW
Static task: static1
Behavioral task: behavioral1
Sample: 8f1ff7c9eb8b16e31acbfe157a07fc439566d25536e64d9a6310bc821ddbc101.exe
Resource: win7-20241010-en
Malware Config

Extracted: metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Targets

Target: 8f1ff7c9eb8b16e31acbfe157a07fc439566d25536e64d9a6310bc821ddbc101
Size: 1.8MB
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Drops file in Drivers directory

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)