General
- Target: 5f914b817317c22cc8f5f7a5d0df0869d80e24027339c9b41339152897d589f7
- Size: 4.2MB
- Sample: 220731-m4m5fseaeq
- MD5: 7380596b5ab3f3d963bf600876004131
- SHA1: 67f2a06f571bee30786275a5bc0219c1b3c03c46
- SHA256: 5f914b817317c22cc8f5f7a5d0df0869d80e24027339c9b41339152897d589f7
- SHA512: 2766dc564a584da83494dd5cabb42e04cf24f9a75dbbea23af13a4ac8f69f26f2cf12d501cbed5962cfd8083ac929b11990359e7d921406d0cadc726324a44e3

Behavioral task: behavioral1
- Sample: 5f914b817317c22cc8f5f7a5d0df0869d80e24027339c9b41339152897d589f7.exe
- Resource: win7-20220715-en
Malware Config
Targets
- Target: 5f914b817317c22cc8f5f7a5d0df0869d80e24027339c9b41339152897d589f7 (same sample as listed under General; size 4.2MB, hashes as above)
- Glupteba payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.