General
- Target: CA69CC6680515603FF76C0D9F7FF98AF.exe
- Size: 4.1MB
- Sample: 230328-wwdqgsea9y
- MD5: ca69cc6680515603ff76c0d9f7ff98af
- SHA1: a838890818f67c9a0eba8f3d15c04fcd6f7a3bb8
- SHA256: 44af15077c839bdc975ebd81f2bd2188c0ced84ea9b2facbda807eb3d05747d0
- SHA512: dc6b9c7f56d7a0085e62e7779337b70ab9b8700d0ea580bf8455361dc17c69654bb0ab68ff7cd89f260140a3c1aa43d2161d3d4a0856ab6d8d5c90102cf7e61b
- SSDEEP: 98304:zFkiC6Dxkh193M37JyWckqXzjOES7r9ojcGWjOKol:RkiCcxkJM34WcfNSNSUsl
Static task: static1
Behavioral task: behavioral1
- Sample: CA69CC6680515603FF76C0D9F7FF98AF.exe
- Resource: win7-20230220-en
Malware Config
Targets
- Target: CA69CC6680515603FF76C0D9F7FF98AF.exe
- Size: 4.1MB
- MD5: ca69cc6680515603ff76c0d9f7ff98af
- SHA1: a838890818f67c9a0eba8f3d15c04fcd6f7a3bb8
- SHA256: 44af15077c839bdc975ebd81f2bd2188c0ced84ea9b2facbda807eb3d05747d0
- SHA512: dc6b9c7f56d7a0085e62e7779337b70ab9b8700d0ea580bf8455361dc17c69654bb0ab68ff7cd89f260140a3c1aa43d2161d3d4a0856ab6d8d5c90102cf7e61b
- SSDEEP: 98304:zFkiC6Dxkh193M37JyWckqXzjOES7r9ojcGWjOKol:RkiCcxkJM34WcfNSNSUsl
Signatures
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.