Extracted

• • Target

    1ba73e58924afe9aa6e88161bfb3adc4

  • Size

    168KB

  • MD5

    1ba73e58924afe9aa6e88161bfb3adc4

  • SHA1

    9dc45648c7e3847dad43f8fe6c0a930f79020108

  • SHA256

    e15fac847d6df2ec36478decdb6dddee812f95b6a3d56705513d72fbb6124696

  • SHA512

    d025f3f6d8c2b002ada73d5943f4d1fcdd13744647b13d3619b9ba7efac11619a9ea6275a7772b89bdd5f21c95fcbed3aa38b637a8fe813f9cccabf7666fb81b

  • SSDEEP

    3072:838Nmr19fQK5l5XgfWnDNVAQxLjAHq9VQFM0TTziItBxHKvCpfBjtGqk7CgWH:Ar19f6gLsBFm2d0CpzOWH

  Score

  10^/10

  metasploitbackdoortrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2