Extracted

• • Target

    28e751fdd703634231c0a25d7081ffe2

  • Size

    145KB

  • MD5

    28e751fdd703634231c0a25d7081ffe2

  • SHA1

    cd660ea569bf6b2f55bbbe1352969e51878491a5

  • SHA256

    8b54df8133dbef3dbaf42fb3ee9267fd521228776f16d9500eb12b9cadf678fd

  • SHA512

    68271210a22a525a66de759d6ab0de345b5f84fe82fcc862b57661282ace81fc22623340b7b3fd9db4d2d005e2e2370d0d4fa9acb3867ef4d53f2d7c73904ccd

  • SSDEEP

    3072:7mXTLdvPFfj1Ky33bbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU7/0yoC4h:7qJnwvP6bQ7yMP+DE827/xovh

  Score

  10^/10

  metasploitbackdoorbootkitpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Drops file in System32 directory

  behavioral1behavioral2