General

  • Target

    3f6a60026e999c6449af154b55a81159b190fefe7658771d33677111d1bb5371

  • Size

    264KB

  • Sample

    221201-fk46asfd53

  • MD5

    4d909f4075f050482a761d14db927f83

  • SHA1

    bf076c0e3739d9a6e4efe4f76fb0b4c2169c8f29

  • SHA256

    3f6a60026e999c6449af154b55a81159b190fefe7658771d33677111d1bb5371

  • SHA512

    b4f23e462f388ffaeaa2cb254cdd1d8ee71f43a0e97afe25fa04e80b1412fcb4c3ec002135491aff2d4422b81c92a5755546389fdd952e7ac6cf470a84ba16e4

  • SSDEEP

    3072:ccJeDtGvpN6ajL43fo47yp8JmUOnHJDLd0P/pP0oP0oP0oP0oP0oP0oP0oP0oP04:cWecpgy4hyiJmUOHNB

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies firewall policy service

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6