General

  • Target

    4a56fb54676bfa45104925542221e5ce

  • Size

    4.3MB

  • Sample

    240108-d7ta7sbeb4

  • MD5

    4a56fb54676bfa45104925542221e5ce

  • SHA1

    7899fa894fd6c3295f88ac521eaadf585cc764d6

  • SHA256

    8e59217889c93061e51f1a61eb16fe6a2d88c354b6f713c1094f7936f3c3fa1e

  • SHA512

    46358bcca540b779f232064f05f84aa156c2d26d00c730a44cf60f37359a5f7852714f6b49649c8d35bdbb818a850328f499b14079fccf04478a1518f535d9c5

  • SSDEEP

    98304:iTtBPOtfDLnOuG7WJIjs73DC+v3Y9+Wb7Rao8SrQJmSj/5bsFSlzxE:ipBUPnOpKJI83WoId7LVcgczq

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks