Extracted

• • Target

    51e37fe405b41c15560ac52bb317c8239504eb4bf200c16b6289bfda30480054

  • Size

    211KB

  • MD5

    8b80d97fc55bbaf025aa0ac7adef8c1a

  • SHA1

    9ea8be2e0345ef7cf8eca196370ed26d6ac70cc8

  • SHA256

    51e37fe405b41c15560ac52bb317c8239504eb4bf200c16b6289bfda30480054

  • SHA512

    f91ed29cb7f8c90f585f63e6a32abde942207106836105dd5e2b0619e9c9bd50e2d9d04fa173548a8d3df28d108a2d793bbe546ec765b1eeb9266cf2a8c8b954

  • SSDEEP

    3072:C2WnGpHvRREuggPJiS/5BJ5KVqn6iVS/cwZ7DJe2qow1t2nbHffukJAQWgJpRu:6wpKJgAc5SUwZ78BR2nbH3uPQxJLu

  Score

  10^/10

  metasploitbackdoortrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2