Extracted

• • Target

    599860291f233356b83ee08b95aef4b3c9117c93d01c23325838086539b16e64

  • Size

    1.8MB

  • MD5

    65766d99ad0199b3c81e9e0211c581bb

  • SHA1

    b23959987b3f71fc566d650ac9561935ba88749f

  • SHA256

    599860291f233356b83ee08b95aef4b3c9117c93d01c23325838086539b16e64

  • SHA512

    91d3734aae22af6e63523dc7f6df785100239d68e78999919c9cb642c88e024388448fa59eb21dea561faafef3e3ba010ba46490ca8274a135c4a3945f9b89cf

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09KOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ12xJIiW0MbQxA

  Score

  10^/10

  metasploitbackdoordiscoveryspywarestealertrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2