Extracted

• • Target

    46f21fd7868544dfe02bd71a2aa3883cf862d421d2820dd4bbda01cb8fd80c07

  • Size

    244KB

  • MD5

    01b6c88aab7dbbc0bde23ff6c4a65e4f

  • SHA1

    3db1ab5fe72f3546e5af5077c53d42b0a17289ca

  • SHA256

    46f21fd7868544dfe02bd71a2aa3883cf862d421d2820dd4bbda01cb8fd80c07

  • SHA512

    b2f176f041c19b38668c8f7c1f0199bef9850ada9f58f2988a722f61cdd2f5aeb84b459c94c68992efce3d6c41b4ca7332d54c2083046ded6a09e7af9cf619ee

  • SSDEEP

    3072:+hbCmGrIAlFbWxMF16W/9uUsk6NoSOyuMiDaoX16FPcL9cNwLUNZ+7VP2FY3J31F:+heP7wMCBs/Io31YEmNwLUnYgOF

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupxevasionpersistence

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Modifies firewall policy service

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2