General

  • Target

    61eb2106ec53d3d89973b46e60c9e527

  • Size

    4.5MB

  • Sample

    240117-gt4rkaafh2

  • MD5

    61eb2106ec53d3d89973b46e60c9e527

  • SHA1

    8ccc27b9674a52d870b6185cbb321191a089564a

  • SHA256

    0c535fc0755f04c889292d4bcae072d090f67030cb7a369b6a2113bfc37e1697

  • SHA512

    1b683bf490e6f003f2e07904eb813ae9528f3f26105b70a779b0bb97aa073bdf7b3c1522e529f5b7d81bf1ed514ed15813f5d527cd758e94414fc6aca3566463

  • SSDEEP

    98304:rwJUj/cXGt2L8cUsaMVXZJowRFipdCyz9iv6itkCkrpEqkD19Ir2JAZP:WGT2hzXZeZz9iv6TJFhk4rk+P

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/single_exec

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Modifies boot configuration data using bcdedit

    • Modifies Windows Firewall

    • Possible attempt to disable PatchGuard

      Rootkits can use kernel patching to embed themselves in an operating system.

MITRE ATT&CK Enterprise v15

Tasks