General
Target: 03058699.exe
Size: 4.2MB
Sample: 230607-n9krysaa59
MD5: bb0c8314ce4983cae8f0e477680131f9
SHA1: 3e67c28f643b059a54894d6bc960edae6034c1ac
SHA256: 51567301eda5293a0d63c7d7be19c2451b902bf29b5327d8c08ff7a27d3d5186
SHA512: 00d44d6ce5a5513cf2471fbbe9a851c046644ca548ab3607a27b4abeb4c491b1eead1307a11f929652141a46e219216a1d19bbdcb553d226a915e4eb0e44764c
SSDEEP: 98304:17cjpnWTod4g2pxfbBxBg9mIiQMFSS/eeWhT:l4pnQn9xB8w/epx
Static task: static1
Behavioral task: behavioral1
Sample: 03058699.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: 03058699.exe (4.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system. On 64-bit Windows, Kernel Patch Protection (PatchGuard) bug-checks the system when it finds such patches, so a rootkit that wants to patch the kernel has to neutralise it first.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate software on the system.
- Drops file in System32 directory
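The behaviour signatures above are the kind of thing a detection engineer recreates from endpoint telemetry. The block below is an added example, not code from the sandbox or from this report: it runs a small rule set over a stream of constructed events and returns which of the listed signatures fire. The events, paths and command lines are invented for illustration (nothing here is observed data from the sample); the field names borrow Sysmon's naming, the "RegistryQuery" event type is assumed (Sysmon does not log registry reads), and the choice of bcdedit switches (nointegritychecks, testsigning) as the PatchGuard indicator is my assumption rather than the sandbox's published matching logic.

```python
"""Map constructed endpoint telemetry events onto the report's behaviour
signatures. Added example; the events below are invented, not sandbox data."""
import re

# Constructed events: (event_type, fields). Order matters for the stateful
# "dropped" rules, which only fire on a path that was written earlier.
SAMPLE_EVENTS = [
    ("FileCreate", {"TargetFilename": r"C:\Windows\System32\drivers\example.sys"}),
    ("FileCreate", {"TargetFilename": r"C:\Users\Public\helper.dll"}),
    ("FileCreate", {"TargetFilename": r"C:\Users\Public\stage2.exe"}),
    ("ProcessCreate", {"Image": r"C:\Users\Public\stage2.exe",
                       "CommandLine": "stage2.exe"}),
    ("ImageLoad", {"ImageLoaded": r"C:\Users\Public\helper.dll"}),
    ("ProcessCreate", {"Image": r"C:\Windows\System32\bcdedit.exe",
                       "CommandLine": "bcdedit /set {default} nointegritychecks on"}),
    ("ProcessCreate", {"Image": r"C:\Windows\System32\netsh.exe",
                       "CommandLine": "netsh advfirewall firewall add rule name=upd "
                                      "dir=in action=allow program=C:\\Users\\Public\\stage2.exe"}),
    ("RegistrySet", {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater"}),
    # Assumed event type: Sysmon has no registry-read event, an EDR might.
    ("RegistryQuery", {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"}),
    ("ProcessCreate", {"Image": r"C:\Windows\System32\notepad.exe",
                       "CommandLine": "notepad.exe"}),  # benign control event
]

SYSTEM32 = "c:\\windows\\system32\\"
DRIVERS = SYSTEM32 + "drivers\\"


def _is(image, name):
    """True if the process image path ends with the given executable name."""
    return image.lower().endswith("\\" + name)


# Stateless rules: (signature name, event type, predicate over the fields).
STATELESS_RULES = [
    ("Modifies boot configuration data using bcdedit", "ProcessCreate",
     lambda f: _is(f["Image"], "bcdedit.exe")
     and re.search(r"\s/(set|deletevalue)\b", f["CommandLine"], re.I) is not None),
    # Assumption: BCD switches that relax driver signature enforcement are
    # used here as the indicator for the PatchGuard signature.
    ("Possible attempt to disable PatchGuard", "ProcessCreate",
     lambda f: _is(f["Image"], "bcdedit.exe")
     and re.search(r"\b(nointegritychecks|testsigning)\b", f["CommandLine"], re.I) is not None),
    ("Modifies Windows Firewall", "ProcessCreate",
     lambda f: _is(f["Image"], "netsh.exe") and "advfirewall" in f["CommandLine"].lower()),
    ("Drops file in Drivers directory", "FileCreate",
     lambda f: f["TargetFilename"].lower().startswith(DRIVERS)),
    ("Drops file in System32 directory", "FileCreate",
     lambda f: f["TargetFilename"].lower().startswith(SYSTEM32)),
    ("Adds Run key to start application", "RegistrySet",
     lambda f: "\\currentversion\\run\\" in f["TargetObject"].lower()),
    ("Checks installed software on the system", "RegistryQuery",
     lambda f: "\\currentversion\\uninstall" in f["TargetObject"].lower()),
]


def evaluate(events):
    """Return the set of signature names triggered by an ordered event stream.

    "Dropped" means a path written earlier in the same stream, so the function
    remembers FileCreate targets and matches later executions and loads
    against them; an execution that precedes the write does not count."""
    hits = set()
    dropped = set()
    for etype, fields in events:
        for name, wanted_type, pred in STATELESS_RULES:
            if etype == wanted_type and pred(fields):
                hits.add(name)
        if etype == "FileCreate":
            dropped.add(fields["TargetFilename"].lower())
        elif etype == "ProcessCreate" and fields["Image"].lower() in dropped:
            hits.add("Executes dropped EXE")
        elif etype == "ImageLoad" and fields["ImageLoaded"].lower() in dropped:
            hits.add("Loads dropped DLL")
    return hits


if __name__ == "__main__":
    for sig in sorted(evaluate(SAMPLE_EVENTS)):
        print(sig)
```

Run against the constructed stream, every behavioural signature in the list above fires except "Glupteba payload", which is a family attribution rather than a behaviour and cannot be derived from this kind of telemetry. Note that a file dropped under drivers\ triggers both the Drivers and the System32 rules, which is consistent with the report listing both.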