General
Target: f45cf85a3b8e82a8e03a103644f880c83b0e90696ce8567ed2ff994d909fd6b1
Size: 4.0MB
Sample: 240925-tzkl4aydka
MD5: be08040460827e77d6e5c638c22761a1
SHA1: 9312eb4a8d5f32718447e0f0dbe29b477196e63a
SHA256: f45cf85a3b8e82a8e03a103644f880c83b0e90696ce8567ed2ff994d909fd6b1
SHA512: 91896e37b7a6463cafafc23402312391f54e8e8d687f94a892566e84f9d865149aebe48180ad82066fa7cbf4e15a3d6ff9f398641bf300c08ee0a5a21516fde7
SSDEEP: 49152:31ZXtxDOmWP0pVfuFt37RH9/9pSTQSpItLc8a2n7s+TTCP0VXbpX5Sl35mjAYRGo:/txKmWMs3RH9o4P7hTbM
Static task: static1
Behavioral task: behavioral1
    Sample: f45cf85a3b8e82a8e03a103644f880c83b0e90696ce8567ed2ff994d909fd6b1.exe
    Resource: win7-20240903-en
Behavioral task: behavioral2
    Sample: f45cf85a3b8e82a8e03a103644f880c83b0e90696ce8567ed2ff994d909fd6b1.exe
    Resource: win10v2004-20240802-en
Malware Config
Extracted: metasploit
    windows/shell_reverse_tcp
    192.168.5.9:3636
Targets
Target: f45cf85a3b8e82a8e03a103644f880c83b0e90696ce8567ed2ff994d909fd6b1
MetaSploit
    Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.
Checks computer location settings
    Looks up the country code configured in the registry, likely used as a geofence.
Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.