Extracted

• • Target

    03c35e1ee1b0bf6340cdb45773c9fd3e

  • Size

    524KB

  • MD5

    03c35e1ee1b0bf6340cdb45773c9fd3e

  • SHA1

    1338fb2e480eb7a42cc6e299948583012c48cad5

  • SHA256

    67e07368739819c893c0752d8dc1bc0c1f87764a711f18ceb9507162644a9393

  • SHA512

    36ed40208275a2e13704cd73ab61a58f1f5deb02d80e91c3840a8836b6070228ebdf0c017955a84912aaa64a14511f3032468e3c648b64f9db13af79d77fcad4

  • SSDEEP

    12288:JI0As/dcwf0e/GQAPCqtKbFeEFk88ho1RFR25Au14qsYBKBgMVkJoQg:W0F1cwfR/4tYk8HxR25+TYki1JoQg

  Score

  10^/10

  metasploitbackdoorevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2