General
-
Target
82f34e859b458036d7f847a70b616c244aed28dc6e51c99e6c6ce144857e56c8
-
Size
3.8MB
-
Sample
221125-k6gdksah41
-
MD5
52242b0f18fda799a91931a570e9ef81
-
SHA1
6cf0427991c4bbf47aee799e6e1b84fcfad3292f
-
SHA256
82f34e859b458036d7f847a70b616c244aed28dc6e51c99e6c6ce144857e56c8
-
SHA512
215a5ddd6c2465ec1b4bf44d7c928d12ff9eca5d5c262376fa38a3a268fe2478e8e484e25593f18fe143e414f750385b2e6ce5823fdb26886c8d1b452015a4f0
-
SSDEEP
98304:Mrq57kIMGwK/DfC/XQuFEQ4xmGR/DOFEBlyHMtw8Uj+31Lc:M4VZJbo9Axmi/D8EBlystO+
Static task
static1
Behavioral task
behavioral1
Sample
82f34e859b458036d7f847a70b616c244aed28dc6e51c99e6c6ce144857e56c8.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
82f34e859b458036d7f847a70b616c244aed28dc6e51c99e6c6ce144857e56c8.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
Glupteba payload
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-