General

  • Target

    6c209fc9200465c19a28dc2448ec9d99

  • Size

    4.5MB

  • Sample

    240121-c1kvtadabr

  • MD5

    6c209fc9200465c19a28dc2448ec9d99

  • SHA1

    d2883c3b72d2105da100550438b15a57f82fd0d1

  • SHA256

    620337ee0b56a75b1d5af95aa8c659760d171c6857f9da443d3c4e2d5d3b2af5

  • SHA512

    19ba79bbc14180794b07e7ad46a908f3529ec25ae0873835c0db9cf94384c8442435bf9f0ba2d17b1d40d95ccbb446a58969aee097553a593943dfd402df8580

  • SSDEEP

    98304:8tnAeDfR9id+AcZqCKPvGwT7SJrqVtAKeXvQj3clop1SC:4AejR9id+4Pv96JrqtAKeXvY1p1SC

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

    • Target

      6c209fc9200465c19a28dc2448ec9d99

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies boot configuration data using bcdedit

    • Modifies Windows Firewall

    • Possible attempt to disable PatchGuard

      Rootkits can use kernel patching to embed themselves in an operating system.

MITRE ATT&CK Enterprise v15

Tasks