Extracted

• • Target

    4d304079d4b1a3fb7ddbd2ec2d74564a0eef6c317d6b084198914a4f6fafa94d

  • Size

    1.8MB

  • MD5

    337c348f06b70f20ce6987e682d53437

  • SHA1

    c0a27d60de1ac44221e6ccea5ed13e08f3b312e9

  • SHA256

    4d304079d4b1a3fb7ddbd2ec2d74564a0eef6c317d6b084198914a4f6fafa94d

  • SHA512

    42e948d21d57c518b8cf72003cfee366b2b4f810efd987cba52189c5ac41fd1a5201f0742b878bf49ab906a08ae59b7c14daf39f3c25e5c3798d93d4ccdf365c

  • SSDEEP

    24576:R3vL762VhZBJ905EmMyPnQxhe4a27lpYiWdCMJ5Qx3j3QC/hR:R3P6UZTH2W+iW0MbQx

  Score

  10^/10

  metasploitbackdoordiscoveryspywarestealertrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2