General
Target: 713030a09e78962d6f12c3924adef8d4275733e4579a60b7e985f864df49230f
Size: 4.2MB
Sample: 220708-j8xynshagj
MD5: 649193ad2480b42356f8a3510b97f380
SHA1: ce91fb0c24a8bb7bb6e2c6cd17cf797a8ddd8886
SHA256: 713030a09e78962d6f12c3924adef8d4275733e4579a60b7e985f864df49230f
SHA512: 652e89159b685418c402937264b607f27fc509a36924813bc8f3dd426e281dd3c804092938b81039d3ab7228d21d543e4b34a7739be013e1f721d75e8bf91860
Static task: static1
Behavioral task: behavioral1
Sample: 713030a09e78962d6f12c3924adef8d4275733e4579a60b7e985f864df49230f.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 713030a09e78962d6f12c3924adef8d4275733e4579a60b7e985f864df49230f
- Glupteba payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.