General
Target

2efca025a8e3e822138d89e3294eb52910c43c07a646f7e3af798c7c40fb0572

Size

4MB

Sample

220622-aqxerafhak

Score
10/10
MD5

759d4f1df0674000f2809691a64de3f6

SHA1

7ebbd4ffdc3d38842fa5a029c8785811274749c9

SHA256

2efca025a8e3e822138d89e3294eb52910c43c07a646f7e3af798c7c40fb0572

SHA512

23d93668b612bae42127be1778bf254d2bc2151d74169f7e0f67dc5c74a55f4932646f4bcb50beb01c86dfc209347e544dd28d07bff9a508ab60ec46af73ad51

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets
Target

2efca025a8e3e822138d89e3294eb52910c43c07a646f7e3af798c7c40fb0572

MD5

759d4f1df0674000f2809691a64de3f6

Filesize

4MB

Score
10/10
SHA1

7ebbd4ffdc3d38842fa5a029c8785811274749c9

SHA256

2efca025a8e3e822138d89e3294eb52910c43c07a646f7e3af798c7c40fb0572

SHA512

23d93668b612bae42127be1778bf254d2bc2151d74169f7e0f67dc5c74a55f4932646f4bcb50beb01c86dfc209347e544dd28d07bff9a508ab60ec46af73ad51

Tags

Signatures

  • Glupteba

    Description

    Glupteba is a modular loader written in Golang with various components.

    Tags

  • Glupteba Payload

  • MetaSploit

    Description

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    Tags

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Windows security bypass

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Loads dropped DLL

  • Windows security modification

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Drops file in System32 directory

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation