General
Target: 18ee6f46fdab9f9f508bebe827d00d9a725639457cc3e1638a13cd905999772b
Size: 3.9MB
Sample: 220509-aybg9abgf4
MD5: 4f0898d549720a99de306bd1fceafd22
SHA1: e505b0ce2ad3918f71fa9e060557a92e1b7a48bc
SHA256: 18ee6f46fdab9f9f508bebe827d00d9a725639457cc3e1638a13cd905999772b
SHA512: 5faa950f4b9aeb67cc1fcd72990fd78f889a837479edc6b4b206d4c70b3a12b66e265e448ce60a352e8626cfcf6594d65277e4cad698077c2a3fe4f9169d18ba
Static task: static1
Behavioral task: behavioral1
Sample: 18ee6f46fdab9f9f508bebe827d00d9a725639457cc3e1638a13cd905999772b.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 18ee6f46fdab9f9f508bebe827d00d9a725639457cc3e1638a13cd905999772b
Signatures
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.