General
Target: 2ba9d9c410468afd5e63f7b1c8bc842d3a518e2fe425fcd4564500ec24151ec1
Size: 1.8MB
Sample: 241108-e3mhjawakd
MD5: f68fea11352ab62b874822fc5621a0cc
SHA1: 6dcf1389201fd021b82d6c74ef28ac0c5fc9c81f
SHA256: 2ba9d9c410468afd5e63f7b1c8bc842d3a518e2fe425fcd4564500ec24151ec1
SHA512: 0556224803b604c42899c931fd77a68fd3e63f06561ca001bf61d9e151b10fc90b472534a0328034bc1544bcdccb89590b1452228bae46d91c6f93befd9bc239
SSDEEP: 24576:/3vLRdVhZBK8NogWYO09zOGi933YiWdCMJ5QxmjwC/hR:/3d5ZQ1Rx3IiW0MbQxA
Static task: static1
Behavioral task: behavioral1
Sample: 2ba9d9c410468afd5e63f7b1c8bc842d3a518e2fe425fcd4564500ec24151ec1.exe
Resource: win7-20240729-en
Malware Config (extracted)
Family: metasploit
Payload: windows/shell_reverse_tcp
Address: 1.15.12.73:4567
Targets
Target: 2ba9d9c410468afd5e63f7b1c8bc842d3a518e2fe425fcd4564500ec24151ec1
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Metasploit family
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)