Extracted

• • Target

    446e0ac0868024bf9045f1a7a9775086

  • Size

    208KB

  • MD5

    446e0ac0868024bf9045f1a7a9775086

  • SHA1

    9b3135e297b224426f0e41e40a5f1e124756175d

  • SHA256

    2a78ade3739e2bac6c9e6a5061f1e7821ffdefc0346baa32fee4a55a16f6db51

  • SHA512

    f4c421e34dff0ef6421e61375e5412ba92a9beb6b34a2ab28515cea570f71857ccf9bfc2bc02ba8e624ea9afdda47dd6eca00c0d9d095fde61ff85ab04eeb4d6

  • SSDEEP

    3072:pZNqd6IFqBeLuECNs8sYTCPRVW7W0rovihDtHaEh9fDlfqKuvvZLHaW8UaQlc:ZUzFqBpNs6Tq9Wovi62HfqxvZL6DUac

  Score

  10^/10

  metasploitbackdoorbootkitpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2