General
- Target: 5e7d3490818e3f2a96f7a9dfc6950f9c.bin
- Size: 4.1MB
- Sample: 230608-bs432sac95
- MD5: 08f95a1e96e13e6d42f3500738e5b910
- SHA1: f421c6fb2a9c2dc3cce5bde0f0919d1945bd72af
- SHA256: 8f62f7d1245e2a838ed3a7e96c77401ab97f630af0da9d9611ed186128e3c2b3
- SHA512: f6ad60c998683f2afc9639598cdf340fdd15968ffe5f77c55a0a3118f2cf5409ef877451be32322db9d9cc215b5d24384e9ca2a1a504545d840b12efb6e3ccde
- SSDEEP: 98304:XQ6OyU7ZNGbE45rWoQbL0iofPiSmhRhvfPP5:REZNGlWPL0ioPip7hnPP5
Static task
- static1
Behavioral task
- behavioral1
  - Sample: e498809a30cab90e8d5eb3ff4610bc177ea9e63110530da50643332263f4ab55.exe
  - Resource: win7-20230220-en
Malware Config
Targets
- Target: e498809a30cab90e8d5eb3ff4610bc177ea9e63110530da50643332263f4ab55.exe
- Size: 4.2MB
- MD5: 5e7d3490818e3f2a96f7a9dfc6950f9c
- SHA1: 934454a655f32b4645ce827b3a39bed2cf5d891c
- SHA256: e498809a30cab90e8d5eb3ff4610bc177ea9e63110530da50643332263f4ab55
- SHA512: 6e94afcc7027d56a9ad19cc687766a4dab407314b622128200ebc84ebfb6a5f9f8a29f9da7a6ce5db0ec7a96cb9992fc964430818426468a59d222d054e3c24a
- SSDEEP: 98304:6tF4ah6fnbBWKRFjbBoWQaZBcADzh9LZIm9riDYPhtZj:1c6foKbBzDcADzhht5F
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory