Extracted

• • Target

    038554b5f93582b62368e60ba492763db3300cd6ce8afd08c163ef0c1ae9214f

  • Size

    253KB

  • MD5

    8384773576743ad27862147fcaf4abac

  • SHA1

    816cc2a3591b07a5e7307889fc30c5b55a97fa33

  • SHA256

    038554b5f93582b62368e60ba492763db3300cd6ce8afd08c163ef0c1ae9214f

  • SHA512

    89aa3214d4e89baba86b11b3323165a7711b8f66733f8ffd8b00173b4afe180c008da7b18bd790bae8fcfc13870f16a3b449776a11dd8517a8e5fb7dfbfbfdeb

  • SSDEEP

    6144:2K0VsPXoRDaNItnM5GEJFwvP6bQ7yMP+DE827c23EOca:QuoROIukSm6b7MP+Dd2FEOca

  Score

  10^/10

  metasploitaspackv2backdoorbootkitpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Executes dropped EXE

  • Loads dropped DLL

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Drops file in System32 directory

  behavioral1behavioral2