General
Target: 5186b312cb24ae2294667e934975472ae5ef971d23c8290455273fbb1a263f52
Size: 3.8MB
Sample: 220718-r16jvafhcl
MD5: 16b3bac20c0e5bcbfbe25b27943ea01f
SHA1: 84c62588bb877af56d7b2376c8f3e22834d414a1
SHA256: 5186b312cb24ae2294667e934975472ae5ef971d23c8290455273fbb1a263f52
SHA512: 280f2d8fbdb854a17fa2381826d0a0a12f38aa1d46959e96e05081dfac13be002df14ca3869acb4f508d7f24f68de59d4da1db0220b90c4aba2bf4db6aedb030
Static task: static1
Behavioral task: behavioral1
  Sample: 5186b312cb24ae2294667e934975472ae5ef971d23c8290455273fbb1a263f52.exe
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: 5186b312cb24ae2294667e934975472ae5ef971d23c8290455273fbb1a263f52.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: metasploit (windows/single_exec)
Targets
Target: 5186b312cb24ae2294667e934975472ae5ef971d23c8290455273fbb1a263f52
Size: 3.8MB
MD5: 16b3bac20c0e5bcbfbe25b27943ea01f
SHA1: 84c62588bb877af56d7b2376c8f3e22834d414a1
SHA256: 5186b312cb24ae2294667e934975472ae5ef971d23c8290455273fbb1a263f52
SHA512: 280f2d8fbdb854a17fa2381826d0a0a12f38aa1d46959e96e05081dfac13be002df14ca3869acb4f508d7f24f68de59d4da1db0220b90c4aba2bf4db6aedb030
- Glupteba payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system. PatchGuard (Kernel Patch Protection) blocks such patching on 64-bit Windows, so disabling it is a precondition for a kernel-mode rootkit to survive.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
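The signatures above describe what the sample did in the sandbox, not how to find the same artifacts on a production host. The following PowerShell script is an added example (not part of the sandbox report, the Glupteba sample, or any vendor tooling) that checks a live Windows machine for the host-side traces of those behaviours: BCD changes, recently written drivers, Run-key persistence and firewall rules added outside Windows' built-in groups, plus the Uninstall-key enumeration the "Checks installed software" signature fires on. The function names, the 24-hour lookback window, the choice of `testsigning` and `nointegritychecks` as the BCD elements to inspect (the report does not say which elements were modified) and the "empty Group means not built in" firewall heuristic are all this example's own assumptions.

```powershell
# Added example, not code from the sandbox report or from any vendor tool.
# Run in an elevated Windows PowerShell 5.1+ session on the host under triage.
# Everything marked "assumption" is this script's choice, not a fact from the report.

function Invoke-GluptebaHostTriage {
    param([int]$LookbackHours = 24)   # assumption: window for "recently written" files
    $findings = New-Object System.Collections.Generic.List[string]
    $since = (Get-Date).AddHours(-$LookbackHours)

    # "Modifies boot configuration data using bcdedit" / "Possible attempt to disable PatchGuard".
    # Assumption: inspect testsigning and nointegritychecks, since either lets an unsigned
    # driver load. bcdedit output is localized; the regex below expects the English "Yes".
    $bcd = (& "$env:SystemRoot\System32\bcdedit.exe" /enum '{current}' 2>$null) -join "`n"
    foreach ($elem in 'testsigning', 'nointegritychecks') {
        if ($bcd -match "(?im)^\s*$elem\s+Yes\s*$") {
            $findings.Add("BCD element '$elem' is enabled on {current}")
        }
    }

    # "Drops file in Drivers directory": recently written .sys files and their signature status.
    Get-ChildItem "$env:SystemRoot\System32\drivers" -Filter *.sys -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $findings.Add("Driver $($_.Name) written $($_.LastWriteTime) (signature: $($sig.Status))")
        }

    # "Adds Run key to start application": every value under the Run/RunOnce keys.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSProvider, ...
            $findings.Add("Run key $key\$($p.Name) = $($p.Value)")
        }
    }

    # "Modifies Windows Firewall": enabled rules that belong to no rule group.
    # Assumption: Windows' own rules carry a Group; rules added with netsh or the
    # firewall API by third-party software or malware usually do not.
    Get-NetFirewallRule -Enabled True -ErrorAction SilentlyContinue |
        Where-Object { [string]::IsNullOrEmpty($_.Group) } |
        ForEach-Object {
            $app = ($_ | Get-NetFirewallApplicationFilter).Program
            $findings.Add("Firewall rule '$($_.DisplayName)' dir=$($_.Direction) action=$($_.Action) program=$app")
        }

    return $findings
}

# "Checks installed software on the system": the registry reads that signature fires on.
# Running it yourself shows what the same enumeration looks like in Sysmon/EDR registry telemetry.
function Get-UninstallEntries {
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
}

Invoke-GluptebaHostTriage | ForEach-Object { Write-Output $_ }
```

Every finding the script prints needs human review: a freshly updated vendor driver, a legitimately installed application's Run value or a game's firewall rule will all show up. The BCD check is the one with the least noise: `testsigning` or `nointegritychecks` set to Yes on a production machine is almost never intentional, and it is the setting a dropped unsigned driver would need, which is why the report pairs the bcdedit signature with the PatchGuard one. Cross-check any flagged driver by hashing it and comparing against the SHA256 listed in the report.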