Extracted

• • Target

    2b69aa3ac5c213f530258e6c74882d50009c82f3b86c01cecf5ab8a9ceb2b684N.exe

  • Size

    169KB

  • MD5

    92428e3a757b25e7fbf0787d83fa5050

  • SHA1

    b2d3b10938d1d84d491d09219efe1875b315cc80

  • SHA256

    2b69aa3ac5c213f530258e6c74882d50009c82f3b86c01cecf5ab8a9ceb2b684

  • SHA512

    eac3766c1046b5f92d32ca6d44bbabd320fd74062cc62e8c01399cebd78e9fc2473f55ca96cf9e2bea2b7e7cc8cb183bcfb89e4dab9c48645d1ba1fda43e3351

  • SSDEEP

    3072:B6OqYQ2555kfoTKw3ADWDzj/t5HV/5vY364CFQinHPAk7jI3pQSUKV:WYQKMoTKFuz1/Pe1V

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2