General
-
Target
3743a44cc15235d533b7b29929697e81d1ee9c953e1a48f388e8cab4f3743455
-
Size
1.8MB
-
Sample
241212-xxkqvsvjdv
-
MD5
ec507d3790a28583fef3aa88678477c7
-
SHA1
600980c974810a2a1af97a67842a86347dd191d5
-
SHA256
3743a44cc15235d533b7b29929697e81d1ee9c953e1a48f388e8cab4f3743455
-
SHA512
c33184c9911b873d67358d4a5f9a802c952e02071b51f28e10c07dece27286842f67cb539ee4de83f3fb27ade4a5ded1fcbdfd8112845ebf7b67ca958575d6a2
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09POGi9JbBodjwC/hR:/3d5ZQ1FxJ+
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Targets
-
-
Target
3743a44cc15235d533b7b29929697e81d1ee9c953e1a48f388e8cab4f3743455
-
Size
1.8MB
-
MD5
ec507d3790a28583fef3aa88678477c7
-
SHA1
600980c974810a2a1af97a67842a86347dd191d5
-
SHA256
3743a44cc15235d533b7b29929697e81d1ee9c953e1a48f388e8cab4f3743455
-
SHA512
c33184c9911b873d67358d4a5f9a802c952e02071b51f28e10c07dece27286842f67cb539ee4de83f3fb27ade4a5ded1fcbdfd8112845ebf7b67ca958575d6a2
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09POGi9JbBodjwC/hR:/3d5ZQ1FxJ+
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1