Extracted

• • Target

    6b05cf7da2514d6a97dee34137a7689395928adc782eb0a970ee277d03b62e78.exe

  • Size

    169KB

  • MD5

    63b4ce9d1754b302c32a2001349f81f0

  • SHA1

    9ecd8f07d8f1fe07b24758b16073e7b5acb9ae37

  • SHA256

    6b05cf7da2514d6a97dee34137a7689395928adc782eb0a970ee277d03b62e78

  • SHA512

    2f36b8859a7434da6d026c35087b7dbb8f441f76a1c86cebedb63353a8905d9ff7ca23ddae3259a11d96da3dc83fd17b0bc140451cddbfe4053c99c9f140c1ec

  • SSDEEP

    3072:B6OqYQ2555kfoTKw3ADWDzj/t5HV/5vY364CFQinHPAk7jI3pQSUK3:WYQKMoTKFuz1/Pe13

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2