General
-
Target
0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659
-
Size
1.8MB
-
Sample
241120-ywnlsssmdt
-
MD5
4f2f750825afb052a301916e922bb070
-
SHA1
e087c8ec1d7155e1c0ac7634299af0e4e6c17a0d
-
SHA256
0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659
-
SHA512
6365f5159943efa200ee20b3503d0b0a6649287f73b389f7d39a50605a81ba877ac704289f5b4a798b0387e386f964728615fcb597b0b64b0c33a5c1f3d4f188
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09aOGi9JHyMJmUgLk7/QDQHcb4j4wBC33hF7b60HNB/aQf:/3d5ZQ1mxJTJm/Y88j4i0jftBCO
Static task
static1
Behavioral task
behavioral1
Sample
0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659.exe
Resource
win7-20240903-en
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Targets
-
-
Target
0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659
-
Size
1.8MB
-
MD5
4f2f750825afb052a301916e922bb070
-
SHA1
e087c8ec1d7155e1c0ac7634299af0e4e6c17a0d
-
SHA256
0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659
-
SHA512
6365f5159943efa200ee20b3503d0b0a6649287f73b389f7d39a50605a81ba877ac704289f5b4a798b0387e386f964728615fcb597b0b64b0c33a5c1f3d4f188
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09aOGi9JHyMJmUgLk7/QDQHcb4j4wBC33hF7b60HNB/aQf:/3d5ZQ1mxJTJm/Y88j4i0jftBCO
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1