General
-
Target
10db50b65cf8adecc3bc9eec24b84d815ecc9aa291e24e36d39310471628afe0
-
Size
4.4MB
-
Sample
220604-m4xc5aggel
-
MD5
54a520f5d265e1436948bfac54f97284
-
SHA1
47ac910cec047fc26990a9a20d7955419d547691
-
SHA256
10db50b65cf8adecc3bc9eec24b84d815ecc9aa291e24e36d39310471628afe0
-
SHA512
a999721d5c3e9e5de1bf6e93f89fc37e8ce22b05241ffe345de7fdca42b9b62fa09287444f5c63c3545a25d006ac9fc2a99a3bf62df3d51d22cc22e418367792
Static task
static1
Behavioral task
behavioral1
Sample
10db50b65cf8adecc3bc9eec24b84d815ecc9aa291e24e36d39310471628afe0.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
10db50b65cf8adecc3bc9eec24b84d815ecc9aa291e24e36d39310471628afe0.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
Target
10db50b65cf8adecc3bc9eec24b84d815ecc9aa291e24e36d39310471628afe0
-
Glupteba Payload
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-