Extracted

• • Target

    f1cb1bc022b7b261163dc47a73f62ba5f34a58688e3316ac4d27aafcf1088ad1

  • Size

    748KB

  • MD5

    5152b43ac6e49caf199a1de7cf0bc960

  • SHA1

    24b71e505a7393d79c19bc80337a791f217fc35a

  • SHA256

    f1cb1bc022b7b261163dc47a73f62ba5f34a58688e3316ac4d27aafcf1088ad1

  • SHA512

    e1357319f225e95c32cd526285ac9b22b0f625a05e7c166b10f4261fae6351c5e455d700c4b9ff20fa63beba658d68b461af911f376961cd20f893be928f4667

  • SSDEEP

    12288:q6f13oK/cDVrSs0SYnIuJ1sIugOGxu5ejMuHLO36eQoqkkT2fP4VD:q6ftojDBeSYnIezZtuGMuHGcT2

  Score

  10^/10

  metasploitbackdoordiscoveryspywarestealertrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  behavioral1behavioral2