Extracted

• • Target

    83cf4a1aa4a64bbe63aca52cefdbd0c311cf804c065353dd69dce889153dd8ccN.exe

  • Size

    140KB

  • MD5

    baa490460067f3deca8bb90217fbfe90

  • SHA1

    80726177d8f02887c2e4bbf72cafa3fe4f640fa2

  • SHA256

    83cf4a1aa4a64bbe63aca52cefdbd0c311cf804c065353dd69dce889153dd8cc

  • SHA512

    8a94b043e48a1c94fa38c02c9e65152b957129b5028be7d48224f3eaae680cd3d1318ec44f1491db4246370c66d36d1c916070bd1faa893b21a1328e48621b4e

  • SSDEEP

    3072:Cp651xEpsy1ai+6oTHzoMYypJTy4RhgVbYLr8imVu:lEb19/oTHzoMYynTy4C4hm8

  Score

  10^/10

  metasploitbackdoordiscoveryevasionpersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Modifies firewall policy service

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2