General
Target: 8308179514d386fba1356aa4459f46f925d4a5b9a6f36733154d183c0780ac93
Size: 4.2MB
Sample: 230608-fexh9scc23
MD5: 1d5c8c5f65ece8bd6c534c2a4dab103f
SHA1: cb982786f558208767bc171a4c3b718b0db0ce3f
SHA256: 8308179514d386fba1356aa4459f46f925d4a5b9a6f36733154d183c0780ac93
SHA512: 92d814721e2a699ca50dc2a8da642d9f405c09efb7731103624eaede318b46f4803e8501aa8437b70040a8da10b97b81d64023c0111b03339a5c96f7c2c665ae
SSDEEP: 98304:rPc9FcYO05ihGHS9WSnwj8q/RLdadqz/Y0RFELZvszSs:7c3EciILSnqdBdamY0RyeWs
Static task: static1
Behavioral task: behavioral1
Sample: 8308179514d386fba1356aa4459f46f925d4a5b9a6f36733154d183c0780ac93.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: 8308179514d386fba1356aa4459f46f925d4a5b9a6f36733154d183c0780ac93
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
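The signature list above is the sandbox's verdict on one run. A practitioner usually wants the same behaviours expressed as detection logic that can be run over host telemetry, so the following is an added example, not code from this report or from any sandbox vendor: a small Python detector over constructed Sysmon-style events (process creation, file create, registry set/query, image load) that maps each event to the signature names used above. The event schema, the sample events and the file and key names in them are invented for illustration, and the bcdedit flags checked for the PatchGuard signature (testsigning, nointegritychecks) are an assumption about what that signature typically keys on; the report does not show the sample's command lines.

```python
"""Map host telemetry to the behaviour signatures a sandbox report lists.

Added example (not the report's or any vendor's code). The Event schema is a
constructed, Sysmon-like one; SAMPLE_EVENTS below are invented for
illustration and are not taken from the analysed sample.
"""
import re
from dataclasses import dataclass


@dataclass
class Event:
    kind: str           # "process", "file", "registry" or "imageload"
    image: str = ""     # process image path (process events)
    cmdline: str = ""   # full command line (process events)
    target: str = ""    # file path, registry key or loaded module
    op: str = ""        # "create" (file), "set"/"query" (registry)


# Stateless rules: (signature name, event kind, required op or None, pattern).
# Process rules match the command line; file/registry rules match the target.
# The bcdedit flags in the PatchGuard rule are an assumption about what that
# signature typically keys on; the report does not show the command line.
RULES = [
    ("Modifies boot configuration data using bcdedit", "process", None,
     re.compile(r"\bbcdedit(\.exe)?\b.*\s/(set|deletevalue|delete|create|import)\b", re.I)),
    ("Possible attempt to disable PatchGuard", "process", None,
     re.compile(r"\bbcdedit(\.exe)?\b.*\b(nointegritychecks|testsigning)\b\s+on\b", re.I)),
    ("Modifies Windows Firewall", "process", None,
     re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b.*\b(add|set|delete)\b", re.I)),
    ("Drops file in Drivers directory", "file", "create",
     re.compile(r"^[a-z]:\\Windows\\System32\\drivers\\", re.I)),
    ("Drops file in System32 directory", "file", "create",
     re.compile(r"^[a-z]:\\Windows\\System32\\", re.I)),
    ("Adds Run key to start application", "registry", "set",
     re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Checks installed software on the system", "registry", "query",
     re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)),
]


def detect(events):
    """Return the signature names triggered, in first-hit order, no duplicates."""
    hits = []
    dropped = set()    # lower-cased paths this trace has created so far

    def add(name):
        if name not in hits:
            hits.append(name)

    for ev in events:
        if ev.kind == "file" and ev.op == "create":
            dropped.add(ev.target.lower())
        # Stateful rules: "dropped" means a path an earlier event in this trace wrote.
        if ev.kind == "process" and ev.image.lower() in dropped:
            add("Executes dropped EXE")
        if ev.kind == "imageload" and ev.target.lower() in dropped:
            add("Loads dropped DLL")
        for name, kind, op, pattern in RULES:
            if ev.kind != kind or (op is not None and ev.op != op):
                continue
            haystack = ev.cmdline if kind == "process" else ev.target
            if pattern.search(haystack):
                add(name)
    return hits


# Constructed trace (assumed names and paths; not observed from the sample).
SAMPLE_EVENTS = [
    Event("process", r"C:\Windows\System32\bcdedit.exe",
          "bcdedit /set {default} nointegritychecks on"),
    Event("process", r"C:\Windows\System32\bcdedit.exe", "bcdedit /set testsigning on"),
    Event("file", target=r"C:\Windows\System32\drivers\example.sys", op="create"),
    Event("process", r"C:\Windows\System32\netsh.exe",
          r'netsh advfirewall firewall add rule name="svc" dir=in action=allow program="C:\ProgramData\svc\svc.exe"'),
    Event("file", target=r"C:\ProgramData\svc\svc.exe", op="create"),
    Event("file", target=r"C:\ProgramData\svc\helper.dll", op="create"),
    Event("registry", target=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc", op="set"),
    Event("registry", target=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp", op="query"),
    Event("process", r"C:\ProgramData\svc\svc.exe", "svc.exe"),
    Event("imageload", target=r"C:\ProgramData\svc\helper.dll"),
]


if __name__ == "__main__":
    for name in detect(SAMPLE_EVENTS):
        print(name)
```

Two points worth noting. A write under System32\drivers also satisfies the broader System32 rule, which is why both "Drops file in Drivers directory" and "Drops file in System32 directory" appear in the report for a single driver drop. "Executes dropped EXE" and "Loads dropped DLL" cannot be expressed as single-event patterns; they need the file-create events seen earlier in the same trace, which is why detect() carries state across events. The "Glupteba payload" line is a family attribution from static rules rather than a behaviour, so it has no counterpart here.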