Extracted

• • Target

    c25770e579737a4333ecc8a9051f576c6f01fa74aa4a3f408a17818d1846baae

  • Size

    1.8MB

  • MD5

    6b62a229e8fdf4dae696f9f4a8d2b6cc

  • SHA1

    0d89b8fb5247aff2109a9b9e8a87eafcd6eab49e

  • SHA256

    c25770e579737a4333ecc8a9051f576c6f01fa74aa4a3f408a17818d1846baae

  • SHA512

    0a8b36ef6326df03961d54df4610e056cdab1d9867ebe5683e70aff795c66563477831031bb1c63fc67e1640dd611440365f30941d0ca127163c36b49de0bb27

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09aOGi93bBodjwC/hR:/3d5ZQ1Gx3+

  Score

  10^/10

  metasploitbackdoordiscoveryspywarestealertrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  behavioral1behavioral2