General
Target: ff3aa5457038dfb371eb3ceafdda9c41c984ade8eea703ae23be11b90c0629b0
Size: 3.8MB
Sample: 221125-kpa58sed54
MD5: 01c38c2e5f0605d0d53c3555e751a746
SHA1: eecf5f41a757fe19b0950eefa88ac8fa6012a83a
SHA256: ff3aa5457038dfb371eb3ceafdda9c41c984ade8eea703ae23be11b90c0629b0
SHA512: 1ed25a20fec44438be6fb7d1181da964a3f2aa134406e0bbe5d37cbf84480f0d198b62b5eb1baed1b8c86dab407e4d895d46a914bcd9beba80f76737ab6badf8
SSDEEP: 98304:LffhKBJDIjXM6wa83EIOvVZTR0fTnZccVfpD845:LwH43bNvDCdHP
Static task: static1
Behavioral task: behavioral1
  Sample: ff3aa5457038dfb371eb3ceafdda9c41c984ade8eea703ae23be11b90c0629b0.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: ff3aa5457038dfb371eb3ceafdda9c41c984ade8eea703ae23be11b90c0629b0.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: metasploit (windows/single_exec)
Targets
Target: ff3aa5457038dfb371eb3ceafdda9c41c984ade8eea703ae23be11b90c0629b0 (3.8MB; hashes as listed under General)
- Glupteba payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.