General

  • Target

    99deae7640eee2611b43d5b73f5ee579476c7b2d0930a878a2dcee397432d728

  • Size

    202KB

  • Sample

    221204-kg29race49

  • MD5

    354d967bad7246ccfe991bf5145823bd

  • SHA1

    cc2646129c81b8a2e8c86f8981c0860b597c5715

  • SHA256

    99deae7640eee2611b43d5b73f5ee579476c7b2d0930a878a2dcee397432d728

  • SHA512

    03e5f1d4247db2c3e8fdb84d542f28fa36e08036cac4739267e255d593320a410af7c71e9fd6f55fb09d2fe95769740c0016fe0b7a8068e96ce1016f9af63cf7

  • SSDEEP

    3072:fvIO+GJioPq+PYAsGghkRmBxSxXDzubM5Rk+WZye0uHekRID3SsG8DGtedJpJjql:fJHVIeXDzubM0B0uED3SVtgjq1+s

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
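
The extracted config names the x86 call4_dword_xor encoder. The decoder stub that encoder prepends is short and fixed apart from two fields (a block count and a 4-byte key), which makes it both a reliable signature and trivially reversible. The following is an added example, not code from this report or from Metasploit: it rebuilds the stub layout from the encoder's public byte sequence, builds a constructed buffer around a harmless marker payload (the payload, key and buffer are made up for the example), then scans a buffer for the stub, pulls out the key and block count, and XOR-decodes the body. The imm8 form of `sub ecx, -n` (payloads up to 127 dwords) is the only one handled.

```python
import struct

# Decoder stub laid out after Metasploit's x86/call4_dword_xor encoder
# (byte values from its public source; the annotations are ours):
#
#   31 c9               xor ecx, ecx
#   83 e9 <-n>          sub ecx, -n      ; n = number of 4-byte blocks
#   e8 ff ff ff ff      call $+4         ; lands on the call's last ff byte,
#   c0                                   ; so "ff c0" runs as inc eax
#   5e                  pop esi          ; esi -> the c0 byte
#   81 76 0e <key>      xor dword [esi+0x0e], key   ; first encoded block
#   83 ee fc            sub esi, -4      ; advance one block
#   e2 f4               loop -12         ; back to the xor
STUB_PREFIX = b"\x31\xc9\x83\xe9"                        # then the count byte
STUB_CALL4 = b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"  # then the 4-byte key
STUB_TAIL = b"\x83\xee\xfc\xe2\xf4"                      # then the encoded body
STUB_LEN = len(STUB_PREFIX) + 1 + len(STUB_CALL4) + 4 + len(STUB_TAIL)  # 24


def _xor_dwords(data: bytes, key: int) -> bytes:
    """XOR every little-endian dword with the same key (no key rotation)."""
    return b"".join(
        struct.pack("<I", struct.unpack_from("<I", data, i)[0] ^ key)
        for i in range(0, len(data), 4)
    )


def encode(payload: bytes, key: int) -> bytes:
    """Hypothetical re-implementation of the encoder's output (imm8 count
    form): pad to a dword boundary, XOR each dword, prepend the stub.
    Not Metasploit's code; used here only to build a test buffer."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    nblocks = len(padded) // 4
    if not 0 < nblocks <= 127:
        raise ValueError("sub ecx,-n with imm8 covers 1..127 blocks only")
    return (STUB_PREFIX + struct.pack("<b", -nblocks) + STUB_CALL4
            + struct.pack("<I", key) + STUB_TAIL + _xor_dwords(padded, key))


def find_call4_xor(buf: bytes):
    """Scan a buffer for call4_dword_xor stubs and decode what follows.
    Returns [(stub_offset, key, decoded_bytes), ...]."""
    hits = []
    pos = 0
    while True:
        i = buf.find(STUB_CALL4, pos)
        if i < 0:
            break
        pos = i + 1
        start = i - (len(STUB_PREFIX) + 1)
        key_off = i + len(STUB_CALL4)
        body_off = key_off + 4 + len(STUB_TAIL)
        if start < 0 or body_off > len(buf):
            continue
        if buf[start:start + 4] != STUB_PREFIX:
            continue
        if buf[key_off + 4:body_off] != STUB_TAIL:
            continue
        nblocks = -struct.unpack_from("<b", buf, start + 4)[0]
        key = struct.unpack_from("<I", buf, key_off)[0]
        body = buf[body_off:body_off + 4 * nblocks]
        if nblocks <= 0 or len(body) != 4 * nblocks:
            continue  # truncated: the real stub would read past the buffer
        hits.append((start, key, _xor_dwords(body, key)))
    return hits


# Constructed sample: a printable marker stands in for real shellcode,
# wrapped in NOP and INT3 padding so the stub is not at offset 0.
SAMPLE_PAYLOAD = b"CONSTRUCTED-PAYLOAD-NOT-SHELLCODE"
SAMPLE_KEY = 0xDEADBEEF
SAMPLE_BUFFER = b"\x90" * 16 + encode(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"\xcc" * 8

if __name__ == "__main__":
    for off, key, dec in find_call4_xor(SAMPLE_BUFFER):
        clean = dec.rstrip(b"\x00")
        print(f"stub @ {off:#x} key={key:#010x} decoded={clean!r}")
```

The 10-byte `STUB_CALL4` sequence is the part worth turning into a YARA or IDS string: the count byte and key vary per generation, everything else does not. Because the key is stored in the clear inside the stub, recovering the payload needs no brute force; the check that the body fits inside the buffer is what keeps a partial capture from producing garbage.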

Targets

    • MetaSploit

      Detects a payload belonging to the Metasploit Framework, likely generated with msfvenom or a similar tool; the extracted config above identifies the x86 call4_dword_xor encoder stub.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. Modified builds typically rename the UPX0/UPX1 sections or strip the UPX! marker, but the packed layout (an empty first section reserved for the unpacked image, followed by a high-entropy compressed section) remains.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (the payload can refuse to run in certain locales).

    • Deletes itself

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk and drive information is often read to detect sandbox environments (for example, too few or unusually small drives).

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
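
The "UPX packed file" signature above covers both stock and modified UPX. What distinguishes the two in practice is that renaming sections or stripping the `UPX!` marker does not change the packed layout, so a detector that relies on names alone misses the modified variant. The following is an added example, not the sandbox's signature and not code from this report: it walks a PE section table with `struct`, checks the stock indicators (section names, `UPX!` marker) and the structural ones (an empty first section followed by a high-entropy section), and runs them over three constructed PE images (stock UPX, modified UPX with renamed sections and no marker, and a plain binary). The fixtures, thresholds and helper names are assumptions made for the example.

```python
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def build_pe(secs):
    """Build a minimal PE32 image from [(name, virtual_size, raw_bytes)].
    Only the fields a section-table walk needs are meaningful; this is a
    constructed fixture, not a loadable binary."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                # PE32 magic
    data_ptr = 0x40 + len(coff) + len(opt) + 40 * len(secs)
    headers, blobs = [], []
    for name, vsize, raw in secs:
        rawptr = data_ptr if raw else 0
        headers.append(struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000,
                                   len(raw), rawptr, 0, 0, 0, 0, 0x60000020))
        blobs.append(raw)
        data_ptr += len(raw)
    return dos + coff + opt + b"".join(headers) + b"".join(blobs)


def sections(pe: bytes):
    """Walk the section table: [(name, virtual_size, raw_size, raw_bytes)]."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    out = []
    for k in range(nsec):
        name, vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * k)
        out.append((name.rstrip(b"\0"), vsize, rawsize, pe[rawptr:rawptr + rawsize]))
    return out


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(pe: bytes) -> dict:
    """Stock UPX names its sections UPX0/UPX1 and embeds a 'UPX!' marker.
    A modified build usually renames or strips those but keeps the layout:
    an empty first section (raw size 0, large virtual size, the unpack
    destination) followed by a high-entropy compressed section."""
    secs = sections(pe)
    names = {s[0] for s in secs}
    return {
        "upx_section_names": bool(names & UPX_SECTION_NAMES),
        "upx_magic": b"UPX!" in pe,
        "empty_first_section": bool(secs) and secs[0][2] == 0 and secs[0][1] > 0,
        "high_entropy_section": any(entropy(s[3]) > 7.0 for s in secs),
    }


def is_probably_upx(pe: bytes) -> bool:
    ind = upx_indicators(pe)
    return (ind["upx_section_names"] or ind["upx_magic"]
            or (ind["empty_first_section"] and ind["high_entropy_section"]))


def _pseudo_random(n: int, seed: bytes = b"fixture") -> bytes:
    """Deterministic high-entropy filler standing in for compressed data."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


# Constructed fixtures (not the sample from this report).
STOCK_UPX = build_pe([(b"UPX0", 0x20000, b""),
                      (b"UPX1", 0x8000, b"UPX!" + _pseudo_random(4092)),
                      (b".rsrc", 0x1000, b"\0" * 64)])
MODIFIED_UPX = build_pe([(b".data0", 0x20000, b""),
                         (b".data1", 0x8000, _pseudo_random(4096)),
                         (b".rsrc", 0x1000, b"\0" * 64)])
PLAIN_PE = build_pe([(b".text", 0x1000, b"\x90" * 512),
                     (b".data", 0x1000, b"\0" * 64)])

if __name__ == "__main__":
    for label, pe in (("stock", STOCK_UPX), ("modified", MODIFIED_UPX), ("plain", PLAIN_PE)):
        print(label, is_probably_upx(pe), upx_indicators(pe))
```

The structural pair (empty first section plus a section above 7 bits/byte) is what catches the renamed variant; on its own it also fires on other packers and on binaries that embed encrypted resources, so in triage it is a reason to look at the entry point and the unpacking stub, not a verdict.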

MITRE ATT&CK Enterprise v6

Tasks