General
- Target: f49c007ff8629ee0f50640f26e8479614a24ba33b8923d29380ea19cd2713d68
- Size: 3.9MB
- Sample: 220509-aw42sabgc5
- MD5: 4ea78b1b2a15a891ec00c0bddcadb83a
- SHA1: 13d655c1921e3528a21482728bda1a224dc2f45c
- SHA256: f49c007ff8629ee0f50640f26e8479614a24ba33b8923d29380ea19cd2713d68
- SHA512: 8ce6e107f0b92c0c7b55582472e99d869d4837f660eedb66389241e5ba4aec9f251914e9e432df06d4c4584bc19619c1b76fb9c99c88e91d7de18e7446052d4d

Static task: static1
Behavioral task: behavioral1
- Sample: f49c007ff8629ee0f50640f26e8479614a24ba33b8923d29380ea19cd2713d68.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.