General

  • Target

    78aa1f5eb26e10c602f0f4a2eb9ee80f

  • Size

    169KB

  • Sample

    240126-3d7n6sgdh9

  • MD5

    78aa1f5eb26e10c602f0f4a2eb9ee80f

  • SHA1

    e1ce2a7431c92a804da4fab62baba651aa8fee52

  • SHA256

    df09e45ba32d2c036cc4837402fe34950bb97fa7bc8c6fde0bf7d21cf9570ede

  • SHA512

    93cda6e19b6e278e86538dbf1a2441f755ad5fda24568f649cc8c01ae14540cc3fdc14a6e5a200926ba64f0de8aea302c22f3407655aab1741502708735cb7a2

  • SSDEEP

    3072:T2+GEkAt+XRiRvp3de87n+nvd0vmyRO0vWcmayqZSf3QL:rk43T+v6vmyUqZSv4

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      78aa1f5eb26e10c602f0f4a2eb9ee80f

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandbox environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
