General
Target: 08762399.exe
Size: 4.2MB
Sample: 230607-peqkdsag2w
MD5: ed1e6b5bc66d2cfd01a74792952a55ba
SHA1: 35d9dbe1d23f7b19d5a3630efa1edd48f4ceb6c3
SHA256: 35e4318a950e69c8b64d054a0b0bec986d419ad05009b9c465428dcf1561afe0
SHA512: a0dd55cba2781eb765298c473579b117505c323a36f7ae07d634c6a6b1d40dc83da81046c98757a1c05f37022b8e36dca7106bc14ca542d45eca3428d5a19ecf
SSDEEP: 98304:t7cjpnWTod4g2pxfbBxBg9mIiQMFSS/eeWhy:d4pnQn9xB8w/epY

Static task: static1
Behavioral task: behavioral1
Sample: 08762399.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: 08762399.exe
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory