General
-
Target
1105c6506d94d440e44ce637e0e7d87c7aed386cf99d870f9bea04e3655614bf
-
Size
3.9MB
-
Sample
220604-mc6gqafdck
-
MD5
fb5106b00132654be98257e2ba38a950
-
SHA1
f462763f1c9881eb97c085382ffd4674d304c8d2
-
SHA256
1105c6506d94d440e44ce637e0e7d87c7aed386cf99d870f9bea04e3655614bf
-
SHA512
81038ec7ba4c9c4661625c16ceb3ce425b2afea09c47f7c1d46050be8c94022f5e81af6b9b5accf483d7ab1f2fa60e6eeae8883cac945fde68ff5ecab7069863
Static task
static1
Behavioral task
behavioral1
Sample
1105c6506d94d440e44ce637e0e7d87c7aed386cf99d870f9bea04e3655614bf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1105c6506d94d440e44ce637e0e7d87c7aed386cf99d870f9bea04e3655614bf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
-
Target
1105c6506d94d440e44ce637e0e7d87c7aed386cf99d870f9bea04e3655614bf
-
Size
3.9MB
-
MD5
fb5106b00132654be98257e2ba38a950
-
SHA1
f462763f1c9881eb97c085382ffd4674d304c8d2
-
SHA256
1105c6506d94d440e44ce637e0e7d87c7aed386cf99d870f9bea04e3655614bf
-
SHA512
81038ec7ba4c9c4661625c16ceb3ce425b2afea09c47f7c1d46050be8c94022f5e81af6b9b5accf483d7ab1f2fa60e6eeae8883cac945fde68ff5ecab7069863
-
Glupteba Payload
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies boot configuration data using bcdedit
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Possible attempt to disable PatchGuard
Rootkits can use kernel patching to embed themselves in an operating system.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-