General

Target: 5f3248f2c25a744211d4c4d877a8d2f81c6b57e1411482169d95eeb74c063eeb
Size: 3.9MB
Sample: 230129-w62v3aha59
MD5: 7fc701478f1d43c3e62ff6d9c434ee77
SHA1: 790ba947810a29810ca9d5738abc6b03c9805cce
SHA256: 5f3248f2c25a744211d4c4d877a8d2f81c6b57e1411482169d95eeb74c063eeb
SHA512: d1ede33eeeb3d5d2dd44f73fda21bef9ae60c6a9c10d71aa9d5b57d2b233c7793f7b0e1deea1bf74f5084191bc86afa5ccb60803051efbe9491a3960a515e456
SSDEEP: 98304:p1q76W1ZJJMknyymHzEnewyOzDFWmrqwKd:pox1Kkny1Xd2Doe5u
Static task: static1
Behavioral task: behavioral1
  Sample: 5f3248f2c25a744211d4c4d877a8d2f81c6b57e1411482169d95eeb74c063eeb.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 5f3248f2c25a744211d4c4d877a8d2f81c6b57e1411482169d95eeb74c063eeb.exe
  Resource: win10v2004-20221111-en
Malware Config

Extracted: metasploit (windows/single_exec)
Targets

Target: 5f3248f2c25a744211d4c4d877a8d2f81c6b57e1411482169d95eeb74c063eeb
Size: 3.9MB
- Glupteba payload
- MetaSploit: detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
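The behavioural signatures above are each a rule over the sandbox's API trace. The script below is an added example of how such rules can be re-derived from a trace; it is not the sandbox's own rule engine and the trace it runs over is constructed, not the real sample's. The event schema (pid/api/key/cmdline fields), the regular expressions, and the "dropped file" bookkeeping are assumptions about how these rules are typically written, not a description of how this report's engine works.

```python
"""Re-derive the report's behavioural signatures from a constructed API trace.

Assumption: events are flat dicts with an 'api' field and per-API arguments.
Real sandboxes use their own schemas; adapt the field names accordingly."""
import re
from collections import defaultdict

# Constructed trace for illustration only; NOT from the real sample.
# pid 100 is the initial process, pid 200 a process it spawned.
TRACE = [
    {"pid": 100, "api": "CreateFileW", "path": "C:\\Users\\Public\\svc.exe", "access": "GENERIC_WRITE"},
    {"pid": 100, "api": "CreateFileW", "path": "C:\\Users\\Public\\helper.dll", "access": "GENERIC_WRITE"},
    {"pid": 100, "api": "CreateProcessW", "image": "C:\\Users\\Public\\svc.exe",
     "cmdline": "\"C:\\Users\\Public\\svc.exe\""},
    {"pid": 200, "api": "LoadLibraryW", "path": "C:\\Windows\\System32\\kernel32.dll"},
    {"pid": 200, "api": "LoadLibraryW", "path": "C:\\Users\\Public\\helper.dll"},
    {"pid": 200, "api": "RegSetValueExW",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "name": "svc", "data": "C:\\Users\\Public\\svc.exe"},
    {"pid": 200, "api": "RegOpenKeyExW",
     "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"pid": 200, "api": "RegEnumKeyExW",
     "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", "index": 0},
    {"pid": 200, "api": "CreateProcessW", "image": "C:\\Windows\\System32\\netsh.exe",
     "cmdline": "netsh advfirewall firewall add rule name=svc dir=in action=allow "
                "program=C:\\Users\\Public\\svc.exe"},
    {"pid": 200, "api": "CreateProcessW", "image": "C:\\Windows\\System32\\bcdedit.exe",
     "cmdline": "bcdedit /set {current} testsigning on"},
    # parent_override: a PROC_THREAD_ATTRIBUTE_PARENT_PROCESS handle was supplied
    {"pid": 200, "api": "NtCreateUserProcess", "image": "C:\\Windows\\System32\\notepad.exe",
     "parent_override": 4321},
]

# Rule patterns (assumed; tune to the trace format you actually have).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)
BCDEDIT = re.compile(r'^"?(?:.*\\)?bcdedit(?:\.exe)?"?\s+/(set|deletevalue|import|create)\b', re.I)
FIREWALL = re.compile(r'^"?(?:.*\\)?netsh(?:\.exe)?"?\s+(advfirewall|firewall)\b', re.I)
REG_READ_APIS = {"RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"}
PROC_APIS = {"CreateProcessW", "NtCreateUserProcess"}


def evaluate(trace):
    """Return {signature name: [evidence, ...]} for every rule that fired."""
    hits = defaultdict(list)
    dropped = set()  # paths the monitored processes wrote to disk
    for ev in trace:
        api = ev["api"]
        if api == "CreateFileW" and "WRITE" in ev.get("access", ""):
            dropped.add(ev["path"].lower())
        elif api in PROC_APIS:
            image = ev.get("image", "").lower()
            cmd = ev.get("cmdline", "")
            if image in dropped:
                hits["Executes dropped EXE"].append(image)
            if BCDEDIT.search(cmd):
                hits["Modifies boot configuration data using bcdedit"].append(cmd)
            if FIREWALL.search(cmd):
                hits["Modifies Windows Firewall"].append(cmd)
            if api == "NtCreateUserProcess" and ev.get("parent_override"):
                hits["Suspicious use of NtCreateUserProcessOtherParentProcess"].append(
                    (image, ev["parent_override"]))
        elif api == "LoadLibraryW" and ev["path"].lower() in dropped:
            hits["Loads dropped DLL"].append(ev["path"].lower())
        elif api == "RegSetValueExW" and RUN_KEY.search(ev["key"]):
            hits["Adds Run key to start application"].append((ev["name"], ev["data"]))
        elif api in REG_READ_APIS and UNINSTALL_KEY.search(ev["key"]):
            hits["Checks installed software on the system"].append(ev["key"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in sorted(evaluate(TRACE).items()):
        print(f"{name}: {evidence}")
```

The file-write bookkeeping is what distinguishes "Executes dropped EXE" and "Loads dropped DLL" from ordinary process creation and library loading: a rule that only pattern-matched paths would miss a dropper writing to an arbitrary directory, and one that ignored the write would flag every loaded system DLL. The Glupteba and MetaSploit entries in the report are payload-family detections (static or config-extraction based), so they are not modelled here.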