General
- Target: 8743c37485edab28e9e1880236f7ec2f336635aeee90598fcf49ac541682a3b0
- Size: 3.9MB
- Sample: 220509-axm5nabgd7
- MD5: 41489a9eb3c63f2902748eeefc682cf7
- SHA1: 15cc46a4b8002afe3ec0b4468b5cd8ce69fc2baa
- SHA256: 8743c37485edab28e9e1880236f7ec2f336635aeee90598fcf49ac541682a3b0
- SHA512: 2c1a271939e3a77b048d458f0399128c52383843ea0ba06cd7fae301e28f63023bf226032fc94640fcb98ced6c599be3dcfa676f129bafa24f9a2bd9af263c59
Static task: static1
Behavioral task: behavioral1
- Sample: 8743c37485edab28e9e1880236f7ec2f336635aeee90598fcf49ac541682a3b0.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: 8743c37485edab28e9e1880236f7ec2f336635aeee90598fcf49ac541682a3b0
- Glupteba Payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system. On 64-bit Windows, PatchGuard (Kernel Patch Protection) bugchecks the machine when kernel code or critical structures are modified, so a rootkit first has to get around it or get an unsigned driver loaded; relaxing boot settings such as testsigning or nointegritychecks with bcdedit is the usual route, which is why this signature is paired with the bcdedit one.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
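Detection logic for the behaviours listed above, as an added example that is not part of this sandbox report and does not reproduce the sample's recorded activity. It maps process command lines, registry operations and file writes to the signature names used on this page (bcdedit modification, the testsigning/nointegritychecks options behind the PatchGuard signature, firewall changes via netsh, Run-key persistence, Uninstall-key enumeration and writes into the drivers directory). The event trace, file names and value names are constructed placeholders.

```python
import re

# Signature names match the behaviour labels in the report above.
SIG_BCDEDIT = "Modifies boot configuration data using bcdedit"
SIG_PATCHGUARD = "Possible attempt to disable PatchGuard"
SIG_FIREWALL = "Modifies Windows Firewall"
SIG_RUNKEY = "Adds Run key to start application"
SIG_DRIVERS = "Drops file in Drivers directory"
SIG_UNINSTALL = "Checks installed software on the system"

# bcdedit verbs that change the boot store (as opposed to /enum or /v).
_BCD_WRITE_VERBS = {"/set", "/deletevalue", "/delete", "/create", "/copy",
                    "/default", "/timeout", "/import"}
# bcdedit /set options that relax kernel code integrity. Turning these on is
# the usual way to get an unsigned or patched driver loaded, which is why
# they are treated as a possible PatchGuard / code-integrity bypass.
_INTEGRITY_OPTIONS = {"testsigning", "nointegritychecks", "loadoptions"}

_RUN_KEY = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?(\\|$)", re.I)
_UNINSTALL_KEY = re.compile(
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(\\|$)", re.I)
_DRIVERS_DIR = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.I)


def classify_process(cmdline):
    """Map one process command line to the signatures it would trigger.

    Tokenisation is plain whitespace splitting with surrounding quotes
    stripped; quoted paths containing spaces are not reassembled, which is
    good enough for the command shapes shown here.
    """
    toks = [t.strip('"').lower() for t in cmdline.split()]
    hits = set()
    if not toks:
        return hits
    exe = toks[0].rsplit("\\", 1)[-1]
    if exe in ("bcdedit", "bcdedit.exe"):
        if _BCD_WRITE_VERBS & set(toks):
            hits.add(SIG_BCDEDIT)
        if "/set" in toks and _INTEGRITY_OPTIONS & set(toks):
            hits.add(SIG_PATCHGUARD)
    elif exe in ("netsh", "netsh.exe") and ("advfirewall" in toks or "firewall" in toks):
        hits.add(SIG_FIREWALL)
    elif exe in ("reg", "reg.exe") and "add" in toks:
        if any(_RUN_KEY.search(t) for t in toks):
            hits.add(SIG_RUNKEY)
    return hits


def classify_registry(op, key_path):
    """Classify a registry event; op is "read" or "write"."""
    hits = set()
    if op == "write" and _RUN_KEY.search(key_path):
        hits.add(SIG_RUNKEY)
    if op == "read" and _UNINSTALL_KEY.search(key_path):
        hits.add(SIG_UNINSTALL)
    return hits


def classify_file_write(path):
    """Flag files created under the Windows drivers directory."""
    return {SIG_DRIVERS} if _DRIVERS_DIR.search(path) else set()


def classify_events(events):
    """Count signature hits over (kind, data) events from a sandbox trace."""
    dispatch = {
        "process": classify_process,
        "registry_write": lambda k: classify_registry("write", k),
        "registry_read": lambda k: classify_registry("read", k),
        "file_write": classify_file_write,
    }
    counts = {}
    for kind, data in events:
        for sig in dispatch.get(kind, lambda _: set())(data):
            counts[sig] = counts.get(sig, 0) + 1
    return counts


# Constructed sample events in the shape of a sandbox process/registry/file
# trace. They illustrate what each signature looks for and are NOT the
# recorded activity of the sample in this report; file and value names are
# placeholders.
SAMPLE_EVENTS = [
    ("process", r"C:\Windows\System32\bcdedit.exe /set {current} testsigning on"),
    ("process", r"bcdedit.exe /set {current} nointegritychecks on"),
    ("process", r"bcdedit /enum"),  # read-only: no hit
    ("process", r'netsh advfirewall firewall add rule name="updater" dir=in action=allow program="C:\ProgramData\updater.exe"'),
    ("process", r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v updater /t REG_SZ /d C:\ProgramData\updater.exe /f"),
    ("registry_write", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    ("registry_read", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{example}\DisplayName"),
    ("file_write", r"C:\Windows\System32\drivers\example.sys"),
    ("file_write", r"C:\Users\user\AppData\Local\Temp\example.tmp"),  # no hit
    ("process", r"C:\Windows\System32\notepad.exe C:\Users\user\notes.txt"),  # no hit
]

if __name__ == "__main__":
    for sig, n in sorted(classify_events(SAMPLE_EVENTS).items()):
        print(f"{n}x {sig}")
```

The remaining signatures on the page (Glupteba Payload, Executes dropped EXE, Loads dropped DLL) need process lineage and content matching rather than single-event pattern checks, so they are deliberately left out of this block. Note that a read-only `bcdedit /enum` produces no hit: only verbs that write the boot store count, and only `/set` with a code-integrity option raises the PatchGuard signature.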