General
Target: 8b0bc6d4b66528046bbb615a4749d3f8de40587632fc98e16264d39644f2839f
Size: 4.1MB
Sample: 230612-dhplqabc41
MD5: d82f58a3a66392e427af0c1ed193a436
SHA1: 9400a04b6723f3c338dc783ee1f042c38b0ef7bb
SHA256: 8b0bc6d4b66528046bbb615a4749d3f8de40587632fc98e16264d39644f2839f
SHA512: 8fd988b26e6c15bb35820ee880fc910bd765d7a7cd0776c370133a236ce9b1f4d558f922efb538a9e98c5c5d5c3a49a0cf4df59b7ea1383152cb15b824913fdb
SSDEEP: 98304:pXhDTlaeN7+WIQy2uZFBRMNdD+S1O82s2jA3qPjPLFjEut3uNt+euu2TO+N8:pXXN7DvuZ5M7+v4AjLFgNt+euq
Static task: static1
Behavioral task: behavioral1
Sample: 8b0bc6d4b66528046bbb615a4749d3f8de40587632fc98e16264d39644f2839f.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: 8b0bc6d4b66528046bbb615a4749d3f8de40587632fc98e16264d39644f2839f
Size: 4.1MB
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory