General
-
Target
c6f901faa3b3966b7d4e124e7b478a90f28b715ab2fca01665e9b173af99f2ce
-
Size
160KB
-
Sample
220919-cwpyzacdg3
-
MD5
b1fcf1443438b8eb8eb6b77e7cf3fe10
-
SHA1
4041e9288c79b3fb284c0c89e4f289a7eb09ff51
-
SHA256
c6f901faa3b3966b7d4e124e7b478a90f28b715ab2fca01665e9b173af99f2ce
-
SHA512
b6927331c7ac243b718d0b6778eb0cd2c214357741b7bf8a281842474d8b7cebbceca1f12df3b1d74b6c107e4f2581d368fde01244973e85a86de41dcd8edbe4
-
SSDEEP
3072:Gc/cM53ThfUe3p2QTozjoHlgGPDRQPL1yo+xISLH:7cMZThfUe3proz0FB7ihfS5LH
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
c6f901faa3b3966b7d4e124e7b478a90f28b715ab2fca01665e9b173af99f2ce
-
Size
160KB
-
MD5
b1fcf1443438b8eb8eb6b77e7cf3fe10
-
SHA1
4041e9288c79b3fb284c0c89e4f289a7eb09ff51
-
SHA256
c6f901faa3b3966b7d4e124e7b478a90f28b715ab2fca01665e9b173af99f2ce
-
SHA512
b6927331c7ac243b718d0b6778eb0cd2c214357741b7bf8a281842474d8b7cebbceca1f12df3b1d74b6c107e4f2581d368fde01244973e85a86de41dcd8edbe4
-
SSDEEP
3072:Gc/cM53ThfUe3p2QTozjoHlgGPDRQPL1yo+xISLH:7cMZThfUe3proz0FB7ihfS5LH
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-