General
Target: 5d69327f8804f55e9fdb520c091e9fec
Size: 4.4MB
Sample: 240115-sk8jyaabcl
MD5: 5d69327f8804f55e9fdb520c091e9fec
SHA1: e1094cae4f4773f2adcc39293ba6c97382f41e41
SHA256: a50c2f4c02b6d353b368488b8efa4ace3fb5d82f7204347aeff6a226f4c50ecc
SHA512: 50d3f0876c16837e4d75a37ea3d050742ef31cb147a45126c7cc7a98afc5b2b32508d1ef9d51dfc5065588ed9637ac2ec4f549b712278041fade500ff727ad0e
SSDEEP: 98304:xnE1sfy7tlVJ8hi2mSQnpEbNQjAj/+1I69OORTvEK:xESfy7tTJ8hiiQnpaNQjY21ITOX
Static task: static1
Behavioral task: behavioral1
  Sample: 5d69327f8804f55e9fdb520c091e9fec.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 5d69327f8804f55e9fdb520c091e9fec.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: metasploit (payload: windows/single_exec)
Targets
Target: 5d69327f8804f55e9fdb520c091e9fec (4.4MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Glupteba payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
  Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
  Windows Service (1)
  Scheduled Task/Job (1)