General
- Target: 5fcb3a8f817a21f106aef4b565693051e8739bf7290709e340eac773eb8476e1
- Size: 3.9MB
- Sample: 230129-w61yrsad8t
- MD5: af424c205619015d4f10b6f0454400dc
- SHA1: fd770c56d4825035ed4bd9aa396fa958d23c5b1d
- SHA256: 5fcb3a8f817a21f106aef4b565693051e8739bf7290709e340eac773eb8476e1
- SHA512: f9094d8471b2a04bd9ab0b814498f7f2e0c827fed649a1093f728bac97bf80e0506242415ef7a5948377785ecd52d83d6d883f734e04879cac4d90cc7ae1d09e
- SSDEEP: 98304:LarFN60kk2reyIYTHhIFUNCHLjqSSNH8WGb1:LGB8dhIFUNIYGb1
Static task: static1

Behavioral task: behavioral1
- Sample: 5fcb3a8f817a21f106aef4b565693051e8739bf7290709e340eac773eb8476e1.exe
- Resource: win7-20221111-en

Behavioral task: behavioral2
- Sample: 5fcb3a8f817a21f106aef4b565693051e8739bf7290709e340eac773eb8476e1.exe
- Resource: win10v2004-20220812-en
Malware Config
- Extracted: metasploit
- Payload: windows/single_exec
Targets
- Target: 5fcb3a8f817a21f106aef4b565693051e8739bf7290709e340eac773eb8476e1
- Size: 3.9MB
- MD5: af424c205619015d4f10b6f0454400dc
- SHA1: fd770c56d4825035ed4bd9aa396fa958d23c5b1d
- SHA256: 5fcb3a8f817a21f106aef4b565693051e8739bf7290709e340eac773eb8476e1
- SHA512: f9094d8471b2a04bd9ab0b814498f7f2e0c827fed649a1093f728bac97bf80e0506242415ef7a5948377785ecd52d83d6d883f734e04879cac4d90cc7ae1d09e
- SSDEEP: 98304:LarFN60kk2reyIYTHhIFUNCHLjqSSNH8WGb1:LGB8dhIFUNIYGb1

- Glupteba payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit