General

  • Target

    6fd9d52463f7b9444ae84fccccc96a3b

  • Size

    4.4MB

  • Sample

    240122-vpvjzsahem

  • MD5

    6fd9d52463f7b9444ae84fccccc96a3b

  • SHA1

    d4fc7b50057f1e4df7527df00cde8a4b7556498d

  • SHA256

    7bec73f4ea2b19439f13212e476245d88a0cf3da3a90cb27d684614e0a5affef

  • SHA512

    f166b7030e21f2ca4db3c8d6fd030eb9ea85a9e9591a75fc1a22302cad87e2cc6c7880b0af19f1b292d157623f878f98af11283ec9a33d3d77ac517dd4f1e5e2

  • SSDEEP

    98304:pYjdJmh/+mi/Tlmp1pU7mGMDLGUvlm96nZnEV0nhktE22YRzwbW/z6RtwJ:47mhWmuwp1wMDyl6ZnEOhktEKRzr+/wJ
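Before acting on a sandbox verdict it is worth confirming that the file you hold is the one the report describes. The following is an added example, not part of the report: it streams a file once, computes MD5, SHA-1, SHA-256 and SHA-512 together, and compares them case-insensitively with the digests listed above. SSDEEP is deliberately not checked because context-triggered piecewise hashing is not in the Python standard library. The byte strings used in the usage call are constructed for illustration and are not the sample.

```python
"""Check a file on disk against the digests a sandbox report lists.

Added example; not code from the sandbox vendor or from the report.
"""
import hashlib
from typing import Dict, Iterable

# Digests copied from the report above. These are the values a reader can
# actually pivot on, so any mismatch means you are not holding this sample.
REPORTED = {
    "md5": "6fd9d52463f7b9444ae84fccccc96a3b",
    "sha1": "d4fc7b50057f1e4df7527df00cde8a4b7556498d",
    "sha256": "7bec73f4ea2b19439f13212e476245d88a0cf3da3a90cb27d684614e0a5affef",
    "sha512": (
        "f166b7030e21f2ca4db3c8d6fd030eb9ea85a9e9591a75fc1a22302cad87e2cc"
        "6c7880b0af19f1b292d157623f878f98af11283ec9a33d3d77ac517dd4f1e5e2"
    ),
}


def multi_hash(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a (possibly multi-GB) file without reading it into memory."""
    with open(path, "rb") as f:
        return multi_hash(iter(lambda: f.read(chunk_size), b""))


def compare(actual: Dict[str, str], reported: Dict[str, str] = REPORTED) -> Dict[str, bool]:
    """Per-algorithm match table; reports often print digests in upper case."""
    return {
        name: actual.get(name, "").lower() == digest.lower()
        for name, digest in reported.items()
    }


def is_reported_sample(actual: Dict[str, str], reported: Dict[str, str] = REPORTED) -> bool:
    """True only if every listed digest matches, so a single stale hash fails."""
    return all(compare(actual, reported).values())


if __name__ == "__main__":
    # Constructed input: clearly not the 4.4MB sample, so this prints False.
    digests = multi_hash([b"constructed ", b"stand-in bytes"])
    print(compare(digests), is_reported_sample(digests))
    # For a real file: is_reported_sample(hash_file("sample.bin"))
```

Run `hash_file` on the downloaded artefact and require `is_reported_sample` to be true before attributing any of the behaviours below to it; a partial match (for example MD5 only) is a sign that the report and the file have drifted apart.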

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

    • Target

      6fd9d52463f7b9444ae84fccccc96a3b

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Metasploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool; the extracted config above identifies it as the windows/single_exec payload.

    • Modifies boot configuration data using bcdedit

    • Modifies Windows Firewall

    • Possible attempt to disable PatchGuard

      Rootkits can use kernel patching to embed themselves in an operating system. Treat this label as a heuristic: the bcdedit switches commonly associated with it (testsigning, nointegritychecks) relax driver-signature enforcement so that an unsigned driver can be loaded; they do not switch off PatchGuard itself, so confirm the exact command line in the process log before relying on this signature.
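The three behavioural signatures above (bcdedit changes, firewall changes, the PatchGuard heuristic) are the ones a detection engineer would want to reproduce from endpoint telemetry rather than trust from a sandbox label. The following is an added example, not code from the sandbox vendor or from the report: it runs regex rules over constructed Sysmon-style process-creation records and returns which signature each command line satisfies. The report does not show the command lines this sample executed, so the records here are constructed, the patterns are the generic ones each signature name implies, and the ATT&CK technique IDs are my own mapping (the report's MITRE section lists none).

```python
"""Re-derive sandbox behaviour signatures from process-creation logs.

Added example; the log records, rule patterns and ATT&CK mapping are
assumptions made here, not data from the report.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Hit:
    signature: str
    attack_id: str
    command_line: str


# (signature name, ATT&CK technique, pattern over the command line).
# The PatchGuard rule keys on switches that relax driver-signing
# enforcement; that is what the sandbox label usually means in practice.
# The generic bcdedit rule maps to the Impair Defenses parent technique
# because the sub-technique depends on which switch was set.
RULES: List[Tuple[str, str, re.Pattern]] = [
    (
        "Modifies boot configuration data using bcdedit",
        "T1562",
        re.compile(r"\bbcdedit(\.exe)?\b.*\s/set\b", re.I),
    ),
    (
        "Possible attempt to disable PatchGuard",
        "T1553.006",
        re.compile(
            r"\bbcdedit(\.exe)?\b.*\s/set\b.*"
            r"\b(testsigning\s+on|nointegritychecks\s+on|"
            r"loadoptions\s+DDISABLE_INTEGRITY_CHECKS)\b",
            re.I,
        ),
    ),
    (
        "Modifies Windows Firewall",
        "T1562.004",
        re.compile(
            r"(\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b.*\b(set|add|delete)\b"
            r"|\b(Set|New|Remove)-NetFirewall(Rule|Profile)\b)",
            re.I,
        ),
    ),
]

# Constructed Sysmon Event ID 1 style records (not from the report).
SAMPLE_LOG: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /set {current} testsigning on"},
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /set {current} nointegritychecks on"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="update" dir=in '
                    'action=allow program="C:\\Users\\Public\\update.exe"'},
    # Read-only enumeration: must not fire any rule.
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd /c bcdedit /enum"},
    {"Image": r"C:\Windows\System32\whoami.exe", "CommandLine": "whoami"},
]


def scan(records: List[Dict[str, str]]) -> List[Hit]:
    """Return one Hit per (record, rule) pair whose command line matches."""
    hits: List[Hit] = []
    for rec in records:
        cmd = rec.get("CommandLine", "")
        for name, attack_id, pattern in RULES:
            if pattern.search(cmd):
                hits.append(Hit(name, attack_id, cmd))
    return hits


def summarize(hits: List[Hit]) -> List[Tuple[str, str]]:
    """Collapse hits to the distinct (signature, technique) pairs, sorted."""
    return sorted({(h.signature, h.attack_id) for h in hits})


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.attack_id:10} {h.signature}: {h.command_line}")
    print(summarize(scan(SAMPLE_LOG)))
```

Note that a single `bcdedit /set ... testsigning on` line satisfies both the generic bcdedit rule and the PatchGuard rule, which is exactly how the report ends up with two adjacent signatures for what may be one process; `summarize` is the view to compare against the report's list, while the raw hits carry the command line you need to decide whether PatchGuard was really the target.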

MITRE ATT&CK Enterprise v15

Tasks