Extracted

• • Target

    8a80004a50c996b9664e22888a507960

  • Size

    204KB

  • MD5

    8a80004a50c996b9664e22888a507960

  • SHA1

    4beb8744781016c3d318789b453d7fcc3ae43fc3

  • SHA256

    ea39c9c9f8381881b00883f232d1305df17c46048a0d95e3a1746133dac38647

  • SHA512

    b108ffe0bc16b6d9ebcabf34dfc5befa652e2e5d791000ba3c5c5dda58c5ef690f6787a9a6e4ddc8b871932dfb28a01b61acf6145fc0553a2dd7b526c9ee6a90

  • SSDEEP

    3072:CFibiKvXjX7JdNp+dSmTC9Hhsc4RVw7G91kh9ymdJ2CaXxckZJA0f:CF0nXldNp+dSmTClhsc4RVJkamLyXxcQ

  Score

  10^/10

  metasploitbackdoorpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2