General
-
Target
4410ec58b93c0b34d91044998994ee6cf73026102795be93a945a3c803295539
-
Size
4.4MB
-
Sample
220707-zqfjnsdea3
-
MD5
4e65a4077f352f0d56a54e87fa5e39b2
-
SHA1
905fdd590c50ef59b1a33ab8d8dd8b10d48b976d
-
SHA256
4410ec58b93c0b34d91044998994ee6cf73026102795be93a945a3c803295539
-
SHA512
b768d3d057f1acd12758616abf6ae311985303ea45ec2c4e3b3387891228db9a05a8316b275c65c1c78fe5d7c846993cac4545c24449147920dcdc772840bfe5
Static task
static1
Behavioral task
behavioral1
Sample
4410ec58b93c0b34d91044998994ee6cf73026102795be93a945a3c803295539.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4410ec58b93c0b34d91044998994ee6cf73026102795be93a945a3c803295539.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
Glupteba payload
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-