General
Target: 97fec03b84ab258614148496ef79735edf1f937763b0cb857db6f55476dc310a
Size: 378KB
Sample: 240417-q8qb6aag28
MD5: 4075beed0f66fda1f8be112c19655302
SHA1: fbda51527f64e16f9ea8c51a7d2ef4fa4045ef79
SHA256: 97fec03b84ab258614148496ef79735edf1f937763b0cb857db6f55476dc310a
SHA512: 6e2d309383c88dd569b72d65456731c5c642655e7c3c43d23742260753d734bd1a64577974be9881b2ace6853848677ea6e0338593668a962aac34031c47320d
SSDEEP: 6144:aHP+Mtw8V5lu27UBlHqY6OG3sSTxecwOlZbjOcIcOBzxxg/tbC2v1PrP:aHP+MtpM2ABlHz0sSiOllCQOvMbrhP
Static task: static1
Behavioral task: behavioral1
Sample: 2a27f01ed2a25d9f6145902608570413d90133aa5e8d9cb7777026447977c9f0.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 2a27f01ed2a25d9f6145902608570413d90133aa5e8d9cb7777026447977c9f0.exe
Size: 396KB
MD5: 01f642a68a587ee691ce6033c436e0e1
SHA1: e54acbd5ed2125b5118deeec10c059d4e88803cd
SHA256: 2a27f01ed2a25d9f6145902608570413d90133aa5e8d9cb7777026447977c9f0
SHA512: da2cd93c653639de73c1461d0fe92cb666794159ebcb7d8492abb859c0cd10e1ffcc65effd1d13a72f74aa571c70d0f1c901246478d1ee77d5a7a7546ac87202
SSDEEP: 6144:9foVL+C+YZTWgnFaF7VVeTJuFi5YFvfYdAE2aJi3yeYKmMvfsNVY1cvG35yp:9c9ZTWaFaFxVQ2YdAE2aJi3uKIN3
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Downloads MZ/PE file
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  PatchGuard (Kernel Patch Protection) blocks modification of kernel code and data structures on 64-bit Windows; rootkits that patch the kernel to embed themselves in the operating system must first disable or bypass it.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
  Rewriting a suspended thread's context is the usual way injected code is given control in process hollowing and similar injection techniques.
MITRE ATT&CK Enterprise v15
(the number after each technique is the count of report signatures mapped to it)
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Scheduled Task/Job (T1053): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Scheduled Task/Job (T1053): 1