General
Target: e424bb0403cd15ebb796760b6292ff5b5a323319184dfd7d01796e0305660111
Size: 3.9MB
Sample: 230129-tz3gxadg37
MD5: 6ed750112942f6285b1e86259fdaf75e
SHA1: 2f3a2ca7458575736070079822b632548f485113
SHA256: e424bb0403cd15ebb796760b6292ff5b5a323319184dfd7d01796e0305660111
SHA512: ef19e9596c4cc16ab6d4a7c8536fd97b795e4032b3a8a0196b2781032436708e8b33dbe622b535405f34d6f46344fa53ff0feeffc11f394275efc3f946316c06
SSDEEP: 49152:gtXIcARwuEX0ePpqpxIqrHp6VSt2NOTkGOFvN2Kwk8cvEFCaTWOO0LywozjV+d:gtZukZPixdwVSY41O72l6unof
Static task: static1
Behavioral task: behavioral1
  Sample: e424bb0403cd15ebb796760b6292ff5b5a323319184dfd7d01796e0305660111.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: e424bb0403cd15ebb796760b6292ff5b5a323319184dfd7d01796e0305660111.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: metasploit
  windows/single_exec
Targets
Target: e424bb0403cd15ebb796760b6292ff5b5a323319184dfd7d01796e0305660111
- Glupteba payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit