General

  • Target

    484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4

  • Size

    1.8MB

  • Sample

    241130-zdxmesvjgx

  • MD5

    935d0fa1882822e85014a7a9c1834e15

  • SHA1

    5d72b82374465cfbd697adb20f21b2b2b18ef033

  • SHA256

    484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4

  • SHA512

    e594f882324fcd41909cd743ea0e5492bf4d1b63435a41b2bef76b0890a6a8830b0d60d8a72a5e47197962c0e4b92685adf0212300b6e1a8211373a01ca8b1d7

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO091OGi9JPnXixUmjkfe4o7AWibjwC/hR:/3d5ZQ1XxJPXkUgWe4o0Win

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks