Extracted

• • Target

    5688a22c882e60b2cd2f2cc72601757a

  • Size

    145KB

  • MD5

    5688a22c882e60b2cd2f2cc72601757a

  • SHA1

    444f49bf79dcdaa9a92dc62a9fe6ae3b0fe3b4fd

  • SHA256

    6083316ee01a2fee563a39e1dbc12b9042ec2c0ac87ddf0b2215e33fda2e1875

  • SHA512

    b709400c7f79b09a3da2f6969c4b7256cfb49dc3e42763506cf0a4ac81500d04e4fac70ad16b75ee50767ae645b97d2c39e1b591eab5df5d7c4db6a20811fc3e

  • SSDEEP

    3072:f7nTa+mRUBCVIFedDNG/A88pN4s/OwEx1AK6lb9Qt:Ha+mOBCVI8dZcQqNzAr9Q

  Score

  10^/10

  metasploitbackdoorpersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2