General
Target: 9a59d10aa896213b14ce316e37e1cf143beae3e218fa1a0a59a4e8fb12d36d14
Size: 3.7MB
Sample: 220512-n2nhwaddg5
MD5: 956f93f6ca80f29e965e060671f9fe49
SHA1: ae17dc8820837dc4f627351c5a2e8534b1690202
SHA256: 9a59d10aa896213b14ce316e37e1cf143beae3e218fa1a0a59a4e8fb12d36d14
SHA512: 482c107e3789fdf16fc6d62121647afa9b7138400d4401b476683f842726105cb1a96ae479082f52b1ad4ee79dfbdc68c8efbb8988d467f8f62fa31db4997af1
Static task: static1
Behavioral task: behavioral1
Sample: 9a59d10aa896213b14ce316e37e1cf143beae3e218fa1a0a59a4e8fb12d36d14.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 9a59d10aa896213b14ce316e37e1cf143beae3e218fa1a0a59a4e8fb12d36d14
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.