General

  • Target

    11f7127432d62bdabc6b16c3c7b798b45876eb0f661e8ecfe8a203c0619b2bb4N

  • Size

    1.2MB

  • Sample

    240918-rdwfcsvcmc

  • MD5

    e1fd6f4a9ca1b26d194ca673f10bba10

  • SHA1

    6cdb51120068a809d2c2b7746100e5d3b6abd265

  • SHA256

    11f7127432d62bdabc6b16c3c7b798b45876eb0f661e8ecfe8a203c0619b2bb4

  • SHA512

    61b4f4aedf0ff0afffc84323d6c7b769eb227fefa052145f78dde6f31d893c7c77fddb289bffe4b3cd1968945a37639a2a1f77ea769d5597a87ddeff646bb14c

  • SSDEEP

    12288:VDeq6XQ2xIjrwg8d+G6e2S5Est12EUEYO27NUvLFyImxAuT:Vn5rwgxG6TSPGEU7VqvLFyIna

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks