Extracted

• • Target

    ced3c02a87991cb0112d9b4a7d73e0f00c9a8791de01da3e36e57e4cbd0644da

  • Size

    2.6MB

  • MD5

    2ca30af5c55fea6eb038cbb655a1676c

  • SHA1

    a701d9464df02d1467b2a72557160c7b548206d5

  • SHA256

    ced3c02a87991cb0112d9b4a7d73e0f00c9a8791de01da3e36e57e4cbd0644da

  • SHA512

    fd7f6ae26c87724cff8eda2ae1d655fc0ab433a003989d187215bf7e48ebc5343c30a8accd2aa5ed98df0141a1502eb84ce5c04a9df223970fe4297168ee3e1c

  • SSDEEP

    12288:LJKxMQJjOyjk0OpGiGkHnYoLXFgHAVXqlxcXqkQ9Y7otV94QHN72u16MoCWaGTvH:sMCFdeLy4QHZH1jFWhXwM

  Score

  10^/10

  metasploitbackdoorevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Modifies security service

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2