Extracted

• • Target

    Picture47.JPG.scr

  • Size

    165KB

  • MD5

    caa0a13bd7ccf6af3241084e4c394647

  • SHA1

    db0e58844b564bb70ab9547e258b55f08737dc78

  • SHA256

    bdd822f9a0c5e69e3897d7feb4950ea58e1119ee5a656a55789c0827ee2bdce0

  • SHA512

    50bb52758c88a5b40468d5a73977b688be1dd3ec3aecc157ab90f58733086503803b6c473d757c8051c580f4d68ceed82c4b68b89870ad67ace359e027744314

  • SSDEEP

    3072:jgp5VH1kojjw70iESEDcaQhUxJnumqj12VDo0dzdo7MO:j4bMJE7DcJWxJpYH0Po7M

  Score

  10^/10

  metasploitbackdoorevasionpersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Modifies firewall policy service

    evasion

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Deletes itself

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2