General
Target: 05525699.exe
Size: 4.2MB
Sample: 230606-s4vgesfa3s
MD5: f1a159e11bc533227517e5f900e72952
SHA1: 573291a57431230e0abd72d965cc94934d6d7a37
SHA256: 1a23e08c4188adf03902d8f42a9752655fbbc311bc8f7f64c86e7230d4c4efd9
SHA512: e4c2042e792ff138f756f7fc07b5eac88780bbef9b2436f68022ed6c4bd1a7f03947d08f3a38ae4eef7eea338daf5a9c052d7e1c45969cbdc56f9466dd4a1fb7
SSDEEP: 98304:iwPHzJGsSBKd2SXXNMk8lMY/ndSjzYudYViNA+e46:i+TDj6tfAjsuTVeH
Static task: static1
Behavioral task: behavioral1
Sample: 05525699.exe
Resource: win7-20230220-en
Malware Config
Targets
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory