Extracted

• • Target

    623ecd51bbfcdeb8267944d87742b7e8e1e68f40c06655046786f9ff036c83efN.exe

  • Size

    111KB

  • MD5

    af236ac6d18b3b8a4a80fba97e023b80

  • SHA1

    6327874801e26d82f48acdf5738cf60c6b5e9f59

  • SHA256

    623ecd51bbfcdeb8267944d87742b7e8e1e68f40c06655046786f9ff036c83ef

  • SHA512

    df6232f4b38fcebfd241ae62c3bc0813e99d61e308b6d0ba26158b8912c7de2f5c4b2af8587cbbd7d6dd90640200f013bdaf5035b5324587d22c82f0bcf92e98

  • SSDEEP

    3072:SwUYPGG9eAoHSwMm8KzF6N0dKMW+Wb+EyjOIpiAAiL:SwUYz93oHSHBnyWj+EfIEw

  Score

  10^/10

  metasploitbackdoordiscoveryevasionpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2