General
Target: 5f9bb56e26db9d0f8cb7894d548326823dd524f28e2bc2bb9ac77bf4d8968a93
Size: 3.9MB
Sample: 220509-axsp5sbgd9
MD5: 2d9954959c9b28d9fe26ac79e0fb6049
SHA1: 09fb85db59f081e92f5603af12794f1fb7f1918c
SHA256: 5f9bb56e26db9d0f8cb7894d548326823dd524f28e2bc2bb9ac77bf4d8968a93
SHA512: fd04cdd5de4591ba18a05e827187834b08c25e4b4f0c4c00eefd5828f2964fd0dd576deb3811d992edb9e482d8070b4bcb302a81a43a279907b23dfa1bfdc162
Static task: static1
Behavioral task: behavioral1
Sample: 5f9bb56e26db9d0f8cb7894d548326823dd524f28e2bc2bb9ac77bf4d8968a93.exe
Resource: win7-20220414-en
Malware Config
Targets
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.