General
Target: 6ac4f6c40216a433c7750e7a0a5a877de1e84727b6bef6d214e35eaaf4f4e3c8
Size: 3.8MB
Sample: 230129-xt2j7sbg7w
MD5: ba80f69afbad1b748248eaa22b5c92cb
SHA1: 79f1176fb8348ca9ccfa19cc230685320fa566a4
SHA256: 6ac4f6c40216a433c7750e7a0a5a877de1e84727b6bef6d214e35eaaf4f4e3c8
SHA512: 10902e159f17245a9f5c99f88070cbe5c0c495fc1612d229a745ef6b5ad0994421fd7c0db6dbb848b2e9b60d8b57c76bd68e83fb5f9f3f64c3d0aff9cedfc04d
SSDEEP: 98304:FWyRD7LSIcHn+5A4pwhYjFbhycBLvroUT5dScUX:cyFyXH++Cw+FbhHBLEUVI
Static task: static1
Behavioral task: behavioral1
  Sample: 6ac4f6c40216a433c7750e7a0a5a877de1e84727b6bef6d214e35eaaf4f4e3c8.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 6ac4f6c40216a433c7750e7a0a5a877de1e84727b6bef6d214e35eaaf4f4e3c8.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: metasploit (payload: windows/single_exec)
Targets
Target: 6ac4f6c40216a433c7750e7a0a5a877de1e84727b6bef6d214e35eaaf4f4e3c8 (same sample, size and hashes as listed under General above)
- Glupteba payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: Rootkits can use kernel patching to embed themselves in an operating system.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.