Extracted

• • Target

    222aab248a00db50805c845e4f61f44ec2913180fd1f05a35e236a2e89171d72

  • Size

    1.8MB

  • MD5

    12d30586991294cb21fe0c9ca0aee06a

  • SHA1

    98bcd1310a594d166403e3ce669f625d7307d9f1

  • SHA256

    222aab248a00db50805c845e4f61f44ec2913180fd1f05a35e236a2e89171d72

  • SHA512

    5e1aec34c8e805f5277311b8dcd1d8a4560cdfdbea16cefb6a9033b99abcd4abe7809cf9f2d16e70725a729fdb041770da8640420bc8491efdbe4896e2192a5c

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09SOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1+xJIiW0MbQxA

  Score

  10^/10

  metasploitbackdoordiscoveryspywarestealertrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2