Extracted

• • Target

    0489f06de73f7da02f24755a712e5f393f6b88452097e65b170ccade29f44663

  • Size

    1.8MB

  • MD5

    4e1152e3c08a64d6ddc8feb116cecd03

  • SHA1

    2908792281c4392cc7e09fb5501e326b625f7f21

  • SHA256

    0489f06de73f7da02f24755a712e5f393f6b88452097e65b170ccade29f44663

  • SHA512

    a7305d469775ed389d977fae6d8376d3662e4b48562fde50f3321ec9278d2fe1cec40db3104021d6ccfff39b5572e9c115d23ad93ad2d86ef2689e5b3a90b77f

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09oOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1IxJIiW0MbQxA

  Score

  10^/10

  metasploitbackdoordiscoveryspywarestealertrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2