General
- Target: c8b041e2baf61c3da088f2f1e183f3a66e427447fcab580b5e81062026a8faae
- Size: 3.8MB
- Sample: 221125-ktfaraef72
- MD5: 83dac15991d182e1e0996e09d05c358d
- SHA1: 597fc6049d50ebbde4d3bc09a5d40ac8ea8caaf2
- SHA256: c8b041e2baf61c3da088f2f1e183f3a66e427447fcab580b5e81062026a8faae
- SHA512: 090576d9e77c794282f3e9f58128be58867ec4a2901853dafd2b53123a09d7c97d7dd28bd8ac66a481713c51c5fe58ad0dac67f4f04ff588721f39d1599714a2
- SSDEEP: 98304:Q9BvHl5/baM7kFh4KiCIJPNIm8ouO1ua:Q9F/baM7kTIJlIm8oZ
Static task
- static1
Behavioral task
- behavioral1
  - Sample: c8b041e2baf61c3da088f2f1e183f3a66e427447fcab580b5e81062026a8faae.exe
  - Resource: win7-20221111-en
Behavioral task
- behavioral2
  - Sample: c8b041e2baf61c3da088f2f1e183f3a66e427447fcab580b5e81062026a8faae.exe
  - Resource: win10v2004-20221111-en
Malware Config
- Extracted: metasploit
  - windows/single_exec
Targets
- Target: c8b041e2baf61c3da088f2f1e183f3a66e427447fcab580b5e81062026a8faae
  - Size: 3.8MB
  - MD5: 83dac15991d182e1e0996e09d05c358d
  - SHA1: 597fc6049d50ebbde4d3bc09a5d40ac8ea8caaf2
  - SHA256: c8b041e2baf61c3da088f2f1e183f3a66e427447fcab580b5e81062026a8faae
  - SHA512: 090576d9e77c794282f3e9f58128be58867ec4a2901853dafd2b53123a09d7c97d7dd28bd8ac66a481713c51c5fe58ad0dac67f4f04ff588721f39d1599714a2
  - SSDEEP: 98304:Q9BvHl5/baM7kFh4KiCIJPNIm8ouO1ua:Q9F/baM7kTIJlIm8oZ
- Signatures:
  - Glupteba payload
  - MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Executes dropped EXE
  - Modifies Windows Firewall
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Modifies boot configuration data using bcdedit