General

  • Target

    8caf2a4e65a331437fa259f55687ef2676ccf926cf9afa0221b739a5712d983d

  • Size

    171KB

  • Sample

    221201-b1992acg52

  • MD5

    3c7403d4f86a59d57882d39bd459fad7

  • SHA1

    f37140e213aa0cd28b602cfbbca35cbabf4e9c37

  • SHA256

    8caf2a4e65a331437fa259f55687ef2676ccf926cf9afa0221b739a5712d983d

  • SHA512

    a55c0114908be37063a51d81f47814976b3f34f6fda2818f3d4012a2f037cda072bcf62012bf198de293a1461df726785659cb2802ae43f8174797f20c7e4523

  • SSDEEP

    3072:0UdMi1krv+4pZKEyUT+xdLiSmUA1CHchZRLEkDb5mA7a5Z9KBZAEWf75XE:DkjPKzUTqdLiAA1CqRaA7a5ZE3XW10

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
