General
- Target: 32ffd8afdab0aa8813b29251b39f3d010e4a1d2d1eca19e9b8825190ea3c4d1b
- Size: 3.9MB
- Sample: 220509-ax6xrsbge9
- MD5: 5f844e9f04b1f6265b891f1a9144c6b4
- SHA1: 6e31e59c7e911959886c89c0303ca6c79e96bafa
- SHA256: 32ffd8afdab0aa8813b29251b39f3d010e4a1d2d1eca19e9b8825190ea3c4d1b
- SHA512: e91a06316617dbcf74cc2c80ba66d8655b34e53390b56b4275b9db1295fa855a1a9b8d5c46c0b19d7d45eb5ce656c8d38c690cfee3db1009a1a4d8ec4ed2c878
- Static task: static1
- Behavioral task: behavioral1
- Sample: 32ffd8afdab0aa8813b29251b39f3d010e4a1d2d1eca19e9b8825190ea3c4d1b.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: 32ffd8afdab0aa8813b29251b39f3d010e4a1d2d1eca19e9b8825190ea3c4d1b
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.