Extracted

• • Target

    1f3e12fdff3f63da9742121a89c25cfd

  • Size

    248KB

  • MD5

    1f3e12fdff3f63da9742121a89c25cfd

  • SHA1

    bd5347c91e4a2569e7b59ca5bfe83aefff1ff1d9

  • SHA256

    51c1e5ae783bc894a92aa4d423aefc46c5e4974bf978407d1778228b89863029

  • SHA512

    510696afa054e02178e325a34b357fc9ca28558545ebb0d9728f598f996130c7faf442559bc2628a5e85e5631188c34dd6990e234f601a87319670aef5b24beb

  • SSDEEP

    3072:9ronY//GWWlO23rp3SsmiEtYBz2H7DQ3BxiC/LYXHmVKjAirmjMyTyV5ySpyTyr4:9kn4GWd27hSFiaYBz2HgnLYXmVKtmp

  Score

  10^/10

  metasploitbackdoortrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2