General
- Target: how_to_tame_a_wild_tongue_metaphor-RTMD-AH-RtF-GMAAAFzsCAEdCGQAmAGbBP4UA.bin.zip
- Size: 3.7MB
- Sample: 220516-j25d6sacgn
- MD5: 5267d1c06a8ce7d309bc03deda8f4e0c
- SHA1: 30c6861b776356456a635119fc9817a708b639db
- SHA256: 3c1ad5e16b7bcd6de12003bd6d7c2c94e47b1819dda35992beaad1dce5322b23
- SHA512: 5975f9561297506aec01c669252611b216d5526c5b50889ee7c768982ac89b6291e75148de12251aee94d899fb99bd2f5998472e18844442588629b10351bf6d
Static task: static1
Behavioral task: behavioral1
- Sample: how_to_tame_a_wild_tongue_metaphor-RTMD-AH-RtF-GMAAAFzsCAEdCGQAmAGbBP4UA.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: how_to_tame_a_wild_tongue_metaphor-RTMD-AH-RtF-GMAAAFzsCAEdCGQAmAGbBP4UA.exe
- Resource: win10-20220414-en
Malware Config
Targets
- Target: how_to_tame_a_wild_tongue_metaphor-RTMD-AH-RtF-GMAAAFzsCAEdCGQAmAGbBP4UA.bin
- Size: 3.7MB
- MD5: 81703610976f32d1c1f091cf3c9d672e
- SHA1: 16c099c944685a8e597aef71ff1c78bdf190a0c4
- SHA256: 7ebcfa350728f258d2df454a58ef1866c5ec430b575fd239518af3ec92c29984
- SHA512: 818ed03701aaf1869172fd7be84cb4fd9380d9be6e7aa13b4cd65a68330bb8ff741623504672f056afb5d7881c73eb3d2ea31b52c953128fead19af7428c2e57
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess (a process was created with a parent other than the calling process, i.e. parent PID spoofing)
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  PatchGuard (Kernel Patch Protection) blocks unauthorized modification of the x64 kernel; a rootkit that wants to patch the kernel to embed itself in the operating system must first disable or bypass it.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the system.
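The following host triage script is an added example, not part of the sandbox report and not code from the Glupteba sample; it inspects the places on a suspect Windows host that the signatures above describe (BCD settings, the drivers directory, Run keys, firewall state and the Uninstall keys). It assumes an elevated PowerShell 5.1 or later session on Windows 8/Server 2012 or newer, and the `$Since` cutoff is a hypothetical tuning knob for the suspected infection window. It knows nothing Glupteba-specific (no driver, file or rule names), so it lists candidates for an analyst rather than deciding anything.

```powershell
# Added example: host triage for the change categories the signatures above describe.
# Not part of the sandbox report; it knows nothing Glupteba-specific (no driver,
# file or rule names), so it lists candidates for an analyst rather than deciding.
# Assumptions: elevated PowerShell 5.1 or later; $Since (hypothetical tuning knob)
# is the start of the suspected infection window.
param([datetime]$Since = (Get-Date).AddDays(-7))

# 1. Boot configuration ("Modifies boot configuration data using bcdedit",
#    "Possible attempt to disable PatchGuard"): settings that weaken kernel
#    integrity or enable kernel debugging. A normal host shows none of these
#    enabled ("Yes"), so any hit is worth a look.
Write-Host "== BCD settings of interest (bcdedit /enum {current}) =="
bcdedit /enum '{current}' 2>&1 |
    Select-String -Pattern 'testsigning|nointegritychecks|loadoptions|debug' |
    ForEach-Object { $_.Line.Trim() }

# 2. Drivers directory ("Drops file in Drivers directory"): anything written in
#    the window, with its Authenticode status and SHA256 for reputation lookups.
Write-Host "== Files written to System32\drivers since $Since =="
Get-ChildItem -Path "$env:SystemRoot\System32\drivers" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $Since } |
    ForEach-Object {
        [pscustomobject]@{
            File      = $_.Name
            Written   = $_.LastWriteTime
            Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-Table -AutoSize

# 3. Persistence ("Adds Run key to start application"): every value under the
#    Run/RunOnce keys of both hives, including the 32-bit view on 64-bit Windows.
Write-Host "== Run / RunOnce values =="
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    # Drop the PS* note properties the registry provider adds to every item.
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object { '{0}\{1} = {2}' -f $key, $_.Name, $_.Value }
}

# 4. Firewall ("Modifies Windows Firewall"): profile state, plus enabled rules
#    that carry no Group, which is how rules added by a program through netsh or
#    the COM API usually look (a heuristic; legitimate installers do this too).
#    Get-NetFirewall* exists on Windows 8 / Server 2012 and later; on the report's
#    Win7 image use 'netsh advfirewall firewall show rule name=all' instead.
Write-Host "== Firewall profiles and ungrouped enabled rules =="
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize
Get-NetFirewallRule -Enabled True | Where-Object { -not $_.Group } |
    Select-Object DisplayName, Direction, Action, Profile | Format-Table -AutoSize

# 5. Installed software ("Checks installed software on the system"): the same
#    Uninstall-key walk the sample performs, so you can see what it would learn
#    (security products, VM tools) from this host.
Write-Host "== Installed software from Uninstall keys =="
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName | Format-Table -AutoSize
```

Save it as, for instance, `Triage-Host.ps1` (hypothetical name) and run it from an elevated prompt as `.\Triage-Host.ps1 -Since (Get-Date '2022-05-16')`, choosing the date from your own timeline. Treat each section as a candidate list: a freshly written unsigned driver, a BCD integrity setting turned on, or a new ungrouped firewall rule is what the sandbox signatures correspond to on a live host, and each needs confirmation against the file hashes and process telemetry you have.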