General

  • Target

    60fe411b88b9d8ff7fdcc7d1c2bcb79b.exe

  • Size

    719KB

  • Sample

    240106-l53qvsdcel

  • MD5

    60fe411b88b9d8ff7fdcc7d1c2bcb79b

  • SHA1

    b78a3cbd008f9fc0a2369d46f5fc6da9b5aa46ca

  • SHA256

    77c5ebd88db1c4b793ea6b35e13e5578298c4f94ba88c6d2ed1e9018f7707f61

  • SHA512

    35e1119e34d180e48054347b3bb080ab07cdcf2e237f53246506c7fd6ca2a8144617afb04197299ca3aa1cb963454d8a4a9bc1c31dc0a2194bb93f2ecfa87228

  • SSDEEP

    12288:ICx1kJpmp7HMYjTcvWVez4zqDvYRIQnIfHjAXd5eqBFtJTcXPca0amUVRFtSn9ou:ZKJpu7sJHA4g1IrAN5htJg/zfFIn9b

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      60fe411b88b9d8ff7fdcc7d1c2bcb79b.exe

    • Size

      719KB

    • MD5

      60fe411b88b9d8ff7fdcc7d1c2bcb79b

    • SHA1

      b78a3cbd008f9fc0a2369d46f5fc6da9b5aa46ca

    • SHA256

      77c5ebd88db1c4b793ea6b35e13e5578298c4f94ba88c6d2ed1e9018f7707f61

    • SHA512

      35e1119e34d180e48054347b3bb080ab07cdcf2e237f53246506c7fd6ca2a8144617afb04197299ca3aa1cb963454d8a4a9bc1c31dc0a2194bb93f2ecfa87228

    • SSDEEP

      12288:ICx1kJpmp7HMYjTcvWVez4zqDvYRIQnIfHjAXd5eqBFtJTcXPca0amUVRFtSn9ou:ZKJpu7sJHA4g1IrAN5htJg/zfFIn9b

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks