General
- Target: 23d614dbffa822a5ae066b1673fb7c5ea73de12cf01c6c4327bbb951ceb6240b
- Size: 3.9MB
- Sample: 230129-w658gsha63
- MD5: de8c59730bb0557ef92f004b1fe2eecf
- SHA1: 334a2f8d11a7aa7309f31fe56555baf49ae7d1f9
- SHA256: 23d614dbffa822a5ae066b1673fb7c5ea73de12cf01c6c4327bbb951ceb6240b
- SHA512: 47dcacfd705a02b24d32993aecc01f08c699c0363029885865ad4ae482b5103c363c4c3c84f41d7749ebe3ccb2c505ac73e30542c7ac8ef0de0ac6834fc851ee
- SSDEEP: 98304:8qnCPgJXetL7HPcsoTscYdniOFytgLG7kJnRVVt8tMV95ykE5YN:pYg2L7vcRfYliOYt77wnD38tMV95yk5N
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 23d614dbffa822a5ae066b1673fb7c5ea73de12cf01c6c4327bbb951ceb6240b.exe
  - Resource: win7-20221111-en
Behavioral task
- behavioral2
  - Sample: 23d614dbffa822a5ae066b1673fb7c5ea73de12cf01c6c4327bbb951ceb6240b.exe
  - Resource: win10v2004-20220901-en
Malware Config
Extracted
- metasploit: windows/single_exec
Targets
- 23d614dbffa822a5ae066b1673fb7c5ea73de12cf01c6c4327bbb951ceb6240b (3.9MB; hashes as listed under General above)
- Glupteba payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.