glupteba | b715e12e64e2883eaf51f8925cc7c40a2444080f3fd481d6969ef5d4b16dbe56 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b715e12e64e2883eaf51f8925cc7c40a2444080f3fd481d6969ef5d4b16dbe56
Size

9.0MB
MD5

283fc6a358df2220b0101d66a8796344
SHA1

2e2e445ef1bbdf81049e7c646e566e3ba0db94dc
SHA256

b715e12e64e2883eaf51f8925cc7c40a2444080f3fd481d6969ef5d4b16dbe56
SHA512

bdc36db43e5a7cd1ff005599ea8d872f9b19cb31ce44f3e4943d7de99f8a31212f813196f3dd6a21066dcec0e48d77ef35cf754666ad7db259aa19fe1706511d
SSDEEP

98304:nR56m68Qj+pk9fkkAtjhhhr7/JAkLHQFtzY2/XxMLvhhZytTVhg5iqUQJ:R5N68Oo8LxMLphwVhGMQ

Score

10^/10

glupteba metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Signatures

Glupteba family
glupteba

Glupteba payload 1 IoCs

resource	yara_rule
sample	family_glupteba

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b715e12e64e2883eaf51f8925cc7c40a2444080f3fd481d6969ef5d4b16dbe56

Files

b715e12e64e2883eaf51f8925cc7c40a2444080f3fd481d6969ef5d4b16dbe56
.exe windows:6 windows x86

1cd364a9e949d5ecebd6c614e64bc545

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.2MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ