General

Target: 8056afd8ac236ab7960a7ee3c2a286bf3811c3bb5413605edbce4561ec6b286d
Size: 3.8MB
Sample: 230129-xtwnysad33
MD5: a338c75da7f4174e27ab338c784b04b0
SHA1: 85c89891fbf70138533b36c1458097e388f4459f
SHA256: 8056afd8ac236ab7960a7ee3c2a286bf3811c3bb5413605edbce4561ec6b286d
SHA512: 9d108f09befe255e5869da8f5f8587d9e1deb959770f5e9942bfbe09dd2e4b593368858c93e7fd70ce09aca36e7b89a6d79f92a51ba7e759ffd2acaa5cfccbd7
SSDEEP: 98304:6FTJC3QNx+FWUgP2cFX811VDJH5zRbNTy:sVCgx+FWVPV8Jprbhy
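An ssdeep value has structure the other hashes lack: it is `blocksize:hash1:hash2`, and ssdeep picks the block size from the file size (the smallest 3 * 2^n with blocksize * 64 >= size). That makes the SSDEEP and Size fields above cross-checkable without the sample. The following Python is an added example, not part of the Triage report or the ssdeep project: it parses the signature, validates its shape against the spamsum rules, and tests whether a block size of 98304 is one ssdeep could have chosen for a 3.8MB file. The handling of "3.8MB" as a rounded label that may mean 10^6 or 2^20 bytes is an assumption made here, as is treating more than one step-down of the block size as inconsistent.

```python
import re

# spamsum/ssdeep parameters (from the ssdeep source, fuzzy.c).
MIN_BLOCKSIZE = 3        # smallest block size ssdeep will use
SPAMSUM_LENGTH = 64      # maximum length of the first hash string

# Signature layout: <blocksize>:<hash at blocksize>:<hash at 2*blocksize>
SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)$")

# Values copied from the report above.
REPORT_SSDEEP = "98304:6FTJC3QNx+FWUgP2cFX811VDJH5zRbNTy:sVCgx+FWVPV8Jprbhy"
REPORT_SIZE_LABEL = "3.8MB"


def parse_ssdeep(sig):
    """Split an ssdeep signature into (blocksize, hash1, hash2).

    Raises ValueError for a malformed signature: wrong field count,
    non-base64 characters, a block size that is not 3 * 2**n, or hash
    strings longer than ssdeep can emit (64 and 32 characters).
    """
    m = SSDEEP_RE.match(sig)
    if not m:
        raise ValueError("expected blocksize:hash1:hash2 with base64 hashes")
    bs, h1, h2 = int(m.group(1)), m.group(2), m.group(3)
    q, r = divmod(bs, MIN_BLOCKSIZE)
    if r or q <= 0 or q & (q - 1):
        raise ValueError("block size must be 3 * 2**n")
    if len(h1) > SPAMSUM_LENGTH or len(h2) > SPAMSUM_LENGTH // 2:
        raise ValueError("hash strings exceed 64/32 characters")
    return bs, h1, h2


def is_valid_ssdeep(sig):
    try:
        parse_ssdeep(sig)
        return True
    except ValueError:
        return False


def expected_blocksize(size_bytes):
    """Initial block size ssdeep selects for a file of size_bytes:
    the smallest 3 * 2**n such that blocksize * 64 >= size."""
    bs = MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < size_bytes:
        bs *= 2
    return bs


def size_bounds(label):
    """Byte interval for a rounded size label such as '3.8MB'.

    Assumption (not stated by the report): the label is rounded to the
    digits shown, and 'MB' may mean 10**6 or 2**20 bytes, so the interval
    spans the decimal low end and the binary high end.
    """
    m = re.match(r"^(\d+(?:\.(\d+))?)\s*(KB|MB|GB)$", label, re.IGNORECASE)
    if not m:
        raise ValueError("unrecognised size label")
    value = float(m.group(1))
    decimals = len(m.group(2) or "")
    half = 0.5 * 10 ** -decimals
    power = {"KB": 1, "MB": 2, "GB": 3}[m.group(3).upper()]
    return int((value - half) * 1000 ** power), int((value + half) * 1024 ** power)


def blocksize_consistent(sig, size_bytes):
    """True when the signature's block size is one ssdeep could have chosen
    for size_bytes. ssdeep lowers the block size when hash1 would come out
    shorter than 32 characters; one level below the initial choice is
    accepted here, deeper step-downs are treated as inconsistent."""
    bs, _, _ = parse_ssdeep(sig)
    exp = expected_blocksize(size_bytes)
    return bs in (exp, exp // 2)


def consistent_with_label(sig, label):
    """Check the signature at both ends of the label's size interval.
    expected_blocksize is monotonic in size, so agreement at both ends
    implies agreement everywhere in between."""
    low, high = size_bounds(label)
    return blocksize_consistent(sig, low) and blocksize_consistent(sig, high)


if __name__ == "__main__":
    print(parse_ssdeep(REPORT_SSDEEP))
    print(size_bounds(REPORT_SIZE_LABEL))
    print(consistent_with_label(REPORT_SSDEEP, REPORT_SIZE_LABEL))
```

For this report the check passes: 98304 * 64 is about 6.3MB, the next block size down (49152) would only cover files up to about 3.1MB, so a 3.8MB file lands on 98304. A failure here would mean the ssdeep value and the size were taken from different files, which is worth knowing before spending time on fuzzy matching.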
Static task: static1
Behavioral task: behavioral1
  Sample: 8056afd8ac236ab7960a7ee3c2a286bf3811c3bb5413605edbce4561ec6b286d.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 8056afd8ac236ab7960a7ee3c2a286bf3811c3bb5413605edbce4561ec6b286d.exe
  Resource: win10v2004-20221111-en
Malware Config

Extracted: metasploit, payload windows/single_exec
Targets

Target: 8056afd8ac236ab7960a7ee3c2a286bf3811c3bb5413605edbce4561ec6b286d
Size: 3.8MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)

Signatures
- Glupteba payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
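The behavioural signatures above are derived by the sandbox from its API and event trace. As an added example, not Triage's rule logic and not taken from this report, the following Python runs equivalent checks over a constructed Sysmon-style event stream: it correlates file creates (Event 11) with later process starts (Event 1) and image loads (Event 7) to flag dropped EXEs and DLLs, matches Run/RunOnce writes and FirewallPolicy writes in registry set events (Event 13), and matches netsh firewall and bcdedit write commands. All paths, key names and command lines in SAMPLE_EVENTS are invented placeholders, not artefacts recovered from this sample.

```python
import re

# Constructed Sysmon-style events (not from the Triage report). Fields mirror
# Sysmon Event IDs 1 (process create), 7 (image load), 11 (file create) and
# 13 (registry value set). Every path and name here is a placeholder.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 11, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\dropped.dll"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "CommandLine": r'"C:\Users\user\AppData\Local\Temp\dropped.exe"',
     "ParentImage": r"C:\Users\user\Desktop\sample.exe"},
    {"EventID": 7, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "ImageLoaded": r"C:\Users\user\AppData\Local\Temp\dropped.dll"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="Updater" dir=in '
                    'action=allow program="C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe"',
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /set {default} recoveryenabled No",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    # Benign noise that must not produce findings.
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
FIREWALL_KEY_RE = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.IGNORECASE)
# bcdedit switches that change the boot store, as opposed to /enum or /v.
BCDEDIT_WRITE_RE = re.compile(r"\s/(set|deletevalue|delete|import|create|default)\b", re.IGNORECASE)
NETSH_FIREWALL_RE = re.compile(r"\b(advfirewall|firewall)\b", re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Run the rules over an ordered event stream and return
    (signature name, evidence) pairs in the order they fire."""
    findings = []
    dropped = set()  # lower-cased paths written during the trace (Event 11)
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1:
            image, cmd = ev["Image"], ev.get("CommandLine", "")
            if image.lower() in dropped:
                findings.append(("Executes dropped EXE", image))
            exe = basename(image)
            if exe == "bcdedit.exe" and BCDEDIT_WRITE_RE.search(cmd):
                findings.append(("Modifies boot configuration data using bcdedit", cmd))
            if exe == "netsh.exe" and NETSH_FIREWALL_RE.search(cmd):
                findings.append(("Modifies Windows Firewall", cmd))
        elif eid == 7:
            loaded = ev["ImageLoaded"]
            if loaded.lower() in dropped:
                findings.append(("Loads dropped DLL", loaded))
        elif eid == 13:
            key = ev["TargetObject"]
            if RUN_KEY_RE.search(key):
                findings.append(("Adds Run key to start application", f"{key} = {ev.get('Details', '')}"))
            elif FIREWALL_KEY_RE.search(key):
                findings.append(("Modifies Windows Firewall", key))
    return findings


def signature_names(events):
    """Distinct signature names, for comparing against a report's list."""
    return sorted({name for name, _ in detect(events)})


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_EVENTS):
        print(f"{name}: {evidence}")
```

Two signatures from the report are deliberately not covered, because this event source cannot see them: "Checks installed software on the system" is a registry read of the Uninstall key, and Sysmon records registry writes but not reads (that needs object-access auditing or an API-level trace such as the sandbox's own); "Suspicious use of NtCreateUserProcessOtherParentProcess" is parent-process spoofing, and the ParentImage field in Event 1 shows the declared parent, so the spoof has to be caught from a different angle, for example an Event 10 open of the claimed parent with PROCESS_CREATE_PROCESS (0x0080) access by the real creator.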