Extracted

• • Target

    0d4f74a9d8981a84c01cf2d347da92f5b37e6efc8c80f1e9ee3f62429b96bc35.exe

  • Size

    102KB

  • MD5

    187193173cb7ee09e0cfa9becc45b84d

  • SHA1

    5d53f45189b31f4844f805e9cf05a70d1a65dccb

  • SHA256

    0d4f74a9d8981a84c01cf2d347da92f5b37e6efc8c80f1e9ee3f62429b96bc35

  • SHA512

    58bf20ff52f7ef611b37078416954e4871b91387037aac2e15e43f0b070005c4fb538cc604dd364a04c8f8471d4e3e14c6e02550160d8f661b7ae086391616c6

  • SSDEEP

    3072:ndcctiF5ohmtJ9AfmluAvYglbol9KYjW3nhWqXPhpWtp7FDiKg:n+A85umtJU0bq9KY63nvXPhpWtp7FeH

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2