General
-
Target
6df35106a5121ee64d3370bd1dd46a07
-
Size
212KB
-
Sample
240121-y891kahfbk
-
MD5
6df35106a5121ee64d3370bd1dd46a07
-
SHA1
1959c6a4498a0c5077b110c60203e0be7765385e
-
SHA256
7164576ca3aecdb5b7a9bd5bf069079aae229501261379332c9d3264d7e4aa57
-
SHA512
5ee65fe6bf87d678a389d543874798b8c0c3ba0d1cfb70f99118992f205f9131724657beca914e473434a3e44565657e68c14962cb6cf93879fea4f68180fef7
-
SSDEEP
6144:YZg3SzUUc897bKohiFBottttttttttttDtQSmaO38dlttttttttttttttttttwDm:bSzUUJ9nri7ottttttttttttDteazdlD
Static task
static1
Behavioral task
behavioral1
Sample
6df35106a5121ee64d3370bd1dd46a07.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6df35106a5121ee64d3370bd1dd46a07.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
6df35106a5121ee64d3370bd1dd46a07
-
Size
212KB
-
MD5
6df35106a5121ee64d3370bd1dd46a07
-
SHA1
1959c6a4498a0c5077b110c60203e0be7765385e
-
SHA256
7164576ca3aecdb5b7a9bd5bf069079aae229501261379332c9d3264d7e4aa57
-
SHA512
5ee65fe6bf87d678a389d543874798b8c0c3ba0d1cfb70f99118992f205f9131724657beca914e473434a3e44565657e68c14962cb6cf93879fea4f68180fef7
-
SSDEEP
6144:YZg3SzUUc897bKohiFBottttttttttttDtQSmaO38dlttttttttttttttttttwDm:bSzUUJ9nri7ottttttttttttDteazdlD
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-