General

  • Target

    6f1f130741c10e884ac91387ba6f1671

  • Size

    4.4MB

  • Sample

    240122-jnxr6sbhg4

  • MD5

    6f1f130741c10e884ac91387ba6f1671

  • SHA1

    b4e14fc860ef82a4c2090949cd10402916320b99

  • SHA256

    4dcc466c7b711acae584e6305f8b5d16f95b443cb719f00de89dfb6e5b32cf03

  • SHA512

    f8c18b1dee51f03747d14b0d96e584eb50f51af4df20e70a35c4b8b9630b771b9465e8bedbfce431d296c5e4bef97668c70c233ad18e6fedbe3fa90ded2e948a

  • SSDEEP

    98304:s4qEFg15nW5y1E5/VCPB7hW28XjbS/UvVw79jx7Q5vQ:Dcqy1E5/VCPthpUdg95iQ

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/single_exec

Targets

    • Target

      6f1f130741c10e884ac91387ba6f1671

    • Size

      4.4MB

    • MD5

      6f1f130741c10e884ac91387ba6f1671

    • SHA1

      b4e14fc860ef82a4c2090949cd10402916320b99

    • SHA256

      4dcc466c7b711acae584e6305f8b5d16f95b443cb719f00de89dfb6e5b32cf03

    • SHA512

      f8c18b1dee51f03747d14b0d96e584eb50f51af4df20e70a35c4b8b9630b771b9465e8bedbfce431d296c5e4bef97668c70c233ad18e6fedbe3fa90ded2e948a

    • SSDEEP

      98304:s4qEFg15nW5y1E5/VCPB7hW28XjbS/UvVw79jx7Q5vQ:Dcqy1E5/VCPthpUdg95iQ

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies boot configuration data using bcdedit

    • Modifies Windows Firewall

    • Possible attempt to disable PatchGuard

      Rootkits can use kernel patching to embed themselves in an operating system.

MITRE ATT&CK Enterprise v15

Tasks