General
- Target: 78ca50408e2745956a88443e3385a2a3e8f4b473bba71143b4cf29465991d344
- Size: 3.8MB
- Sample: 230129-xtxk9aad34
- MD5: 7ee425b04b8d2084836482c98ce68b99
- SHA1: a9ef5039b26f16a03b50126582b0fed80eeed5f9
- SHA256: 78ca50408e2745956a88443e3385a2a3e8f4b473bba71143b4cf29465991d344
- SHA512: b6bcf14ccbd9f86a8ef850a66315114e12c15eae6b5df3f7586e2b3deb7efb865c5f529edf7c845ff8a5001ea32d5a8c06642108aff1467b8423e738fef0e6d3
- SSDEEP: 98304:mA9OYbAPcSQf01qsqO/Hw1R8vGdRxtN4W7yR644gI2leH7:Z9vg1LqO/GdRxtOWyPIQ
Static task: static1

Behavioral task: behavioral1
- Sample: 78ca50408e2745956a88443e3385a2a3e8f4b473bba71143b4cf29465991d344.exe
- Resource: win7-20221111-en

Behavioral task: behavioral2
- Sample: 78ca50408e2745956a88443e3385a2a3e8f4b473bba71143b4cf29465991d344.exe
- Resource: win10v2004-20221111-en
Malware Config
- Extracted: metasploit
- Payload: windows/single_exec
Targets
- Target: 78ca50408e2745956a88443e3385a2a3e8f4b473bba71143b4cf29465991d344
- Size: 3.8MB
- MD5: 7ee425b04b8d2084836482c98ce68b99
- SHA1: a9ef5039b26f16a03b50126582b0fed80eeed5f9
- SHA256: 78ca50408e2745956a88443e3385a2a3e8f4b473bba71143b4cf29465991d344
- SHA512: b6bcf14ccbd9f86a8ef850a66315114e12c15eae6b5df3f7586e2b3deb7efb865c5f529edf7c845ff8a5001ea32d5a8c06642108aff1467b8423e738fef0e6d3
- SSDEEP: 98304:mA9OYbAPcSQf01qsqO/Hw1R8vGdRxtN4W7yR644gI2leH7:Z9vg1LqO/GdRxtOWyPIQ

Signatures
- Glupteba payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit