General
- Target: 9e1cf2aa467c032fbff958598d31921c891e7d1988225245ab5e257ec4c0abe6
- Size: 3.8MB
- Sample: 220509-axgymsbgd5
- MD5: 57e106c2cb486a1d3924e128591b8c62
- SHA1: 6c3b1c9e16bc76b131180c44e7fd259efd0a498e
- SHA256: 9e1cf2aa467c032fbff958598d31921c891e7d1988225245ab5e257ec4c0abe6
- SHA512: 05743f3b1560d28d4770f7c7c012090dccc5ea70a0636dff1d834856ac9c1a5d4bc3261fcec799171c9cfa051750ef82e8df253b2d58d73c24dc4210a07fd823
Static task: static1
Behavioral task: behavioral1
- Sample: 9e1cf2aa467c032fbff958598d31921c891e7d1988225245ab5e257ec4c0abe6.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: 9e1cf2aa467c032fbff958598d31921c891e7d1988225245ab5e257ec4c0abe6
- Size: 3.8MB
- MD5: 57e106c2cb486a1d3924e128591b8c62
- SHA1: 6c3b1c9e16bc76b131180c44e7fd259efd0a498e
- SHA256: 9e1cf2aa467c032fbff958598d31921c891e7d1988225245ab5e257ec4c0abe6
- SHA512: 05743f3b1560d28d4770f7c7c012090dccc5ea70a0636dff1d834856ac9c1a5d4bc3261fcec799171c9cfa051750ef82e8df253b2d58d73c24dc4210a07fd823
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.