General
- Target: b5c96182c0205792e006ee86482650eb7098caba9b753800a796879af113aa0e
- Size: 3.8MB
- Sample: 230129-w6pkqsha54
- MD5: bf8bd00031a3a08e4e62dbfff08b9bfa
- SHA1: 1f1264370e6b86999998dd99596de4010a283c31
- SHA256: b5c96182c0205792e006ee86482650eb7098caba9b753800a796879af113aa0e
- SHA512: f25e70666ff8c0bce67e6f400386d69a125c2eb5eac98f0b4a69a8909042cc50d0335293e3093e2350b710ea0b275a9b7a852eac471371568d0fb368c3cbb2a5
- SSDEEP: 98304:WyfDgsCeWlw817dwOUCXuiwMU6Fnit62T4IQIXS5:WKDgdaAdfXuilbit6c4tIi5
- Static task: static1
- Behavioral task: behavioral1 (Sample: b5c96182c0205792e006ee86482650eb7098caba9b753800a796879af113aa0e.exe, Resource: win7-20221111-en)
- Behavioral task: behavioral2 (Sample: b5c96182c0205792e006ee86482650eb7098caba9b753800a796879af113aa0e.exe, Resource: win10v2004-20221111-en)
Malware Config
- Extracted: metasploit (windows/single_exec)
Targets
- Glupteba payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit