Extracted

• • Target

    bd1e53456c765350ba1997115d1875eed0513df871743dd0fc0b4bc7cabea3bd

  • Size

    86KB

  • MD5

    f89ebbcffd60792e25a7bf96a3278fba

  • SHA1

    121df0f4ab4270e502efdcb0a3139969736c92ae

  • SHA256

    bd1e53456c765350ba1997115d1875eed0513df871743dd0fc0b4bc7cabea3bd

  • SHA512

    7764c274f14ba0ebc8032b3c8d725a8b946406df3d4647a13117531269340edd34eb1bccbd04e4c3ca9e4be5ab274ab405179fd2adba41334ee86f9724bffb3e

  • SSDEEP

    1536:3qS4hV/JFlWb5lHbaaIXLN8Xj7fnfIMx8rf/xvgtYx8vT:MhV8b5lHGaUWz7ffHWrBvDGv

  Score

  10^/10

  metasploitbackdoorpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2