Extracted

• • Target

    8d6821e1b2ca8c76d1d5f15bf4f838a7

  • Size

    143KB

  • MD5

    8d6821e1b2ca8c76d1d5f15bf4f838a7

  • SHA1

    040895bce4309207090f8ae51263f96948643daa

  • SHA256

    ab0bbc950ef2066a74e80ed1fab7951f2feefbfed35f71f1ff1e6a65273e9bb1

  • SHA512

    b7b4c74ad36958e98ed3f961720c74a0908023639f155fb5b06b1a8c0ab867d012315bf8abca1d636d199d6e630036a9413a9f1ae901e4e1b4076a9c3df0cf4b

  • SSDEEP

    3072:AMGIkXgig5iuvINdcsnIKaHiyI0TelORghzIdeZw:AMGI9igGNaskmvoglIdeK

  Score

  10^/10

  metasploitbackdoorpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2