Extracted

• • Target

    0151d0e33cc2f0ba950a454f0763d5ef

  • Size

    132KB

  • MD5

    0151d0e33cc2f0ba950a454f0763d5ef

  • SHA1

    224a33059021819da7d2f951d8a61c75dabc58a3

  • SHA256

    555410fd4522790c05d716a3c39f1a2d0d4ce94aa98dbed33dbb68cfc83902b7

  • SHA512

    304fa687d6b4de3a8347fe74e873495941f1ffda647a6fe622a0e1e6b07f3d3f3f1c56948ab647863d6a295c3220971fa38d7a24b07169608dc12cd97358f0b8

  • SSDEEP

    3072:OW5tW5BBKi5BgW4ADwl4hcI1AKaAOHL6u/ZWZJSFnO:zcKi4Wr

  Score

  10^/10

  metasploitbackdoorpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2