Extracted

• • Target

    81502a2ee972e833e65392ee66110eccee50301c9aab45a25965968ad529b1a0

  • Size

    2.2MB

  • MD5

    2ecc4a411fea698ec1125c06003f7deb

  • SHA1

    b9d1031749f9e3587283a331bd1ed3237007173c

  • SHA256

    81502a2ee972e833e65392ee66110eccee50301c9aab45a25965968ad529b1a0

  • SHA512

    b9a284074251884ab3ebf9c4e62abae2e6b4fca6b8f71edf824c82edb23d1115423bb8479727d582852078db829cb15efcb2575247281d3747e002dfc64ef384

  • SSDEEP

    49152:L54dPdIAAgDebOqPV79fKoDyQRGH3bDcNGNd39Ie6Lw:F4hdF91qPV7JvRGH3UE19h

  Score

  10^/10

  metasploitbackdoorevasiontrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Looks for VMWare Tools registry key

    evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Deletes itself

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2