General

Target: 0e2f764e25439b12e157acf4026e476170b035a63fdf03a7787804167342912f
Size: 4.2MB
Sample: 240418-19t2vagd75
MD5: af60398f0dde0f0b4b42ba0109bc0c11
SHA1: 7420e865c11906ab5f1bb7365decb3bb9cb2b83b
SHA256: 0e2f764e25439b12e157acf4026e476170b035a63fdf03a7787804167342912f
SHA512: ee54333d7a97ecc5b18d382c95d6f2d25fa98f184c21cdf58386d18b7c94200d56fab49a4919b4d44fe3a3ead2cdfba099797be3ed13272fd98fd0927f722e3b
SSDEEP: 98304:quyrGypqI+jQNI2yZdVf1PPEbZeKJfOVA1nr687Hqee:erGyDNIhzK8AxHKp
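The hashes above are the only indicators this report gives for matching a file on disk against the analysed sample. The following is an added example, not part of the report and not Triage's own tooling: it streams a candidate file through MD5, SHA1, SHA256 and SHA512 in one pass and reports which of the report's values it equals. The IoC values are copied from the page; the function and script names are this example's own.

```python
import hashlib
import sys

# Hashes recorded for this sample in the report above (copied from the page).
SAMPLE_IOCS = {
    "md5": "af60398f0dde0f0b4b42ba0109bc0c11",
    "sha1": "7420e865c11906ab5f1bb7365decb3bb9cb2b83b",
    "sha256": "0e2f764e25439b12e157acf4026e476170b035a63fdf03a7787804167342912f",
    "sha512": "ee54333d7a97ecc5b18d382c95d6f2d25fa98f184c21cdf58386d18b7c94200d56fab49a4919b4d44fe3a3ead2cdfba099797be3ed13272fd98fd0927f722e3b",
}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm the report lists (SSDEEP excepted)."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_IOCS}


def file_hashes(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once so a large sample is read only once."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(hashes: dict, iocs: dict = SAMPLE_IOCS) -> set:
    """Return the names of the algorithms whose digest equals the report's value.

    Digests are compared case-insensitively: feeds and tools disagree on hex case.
    """
    return {name for name, digest in hashes.items() if iocs.get(name) == digest.lower()}


if __name__ == "__main__":
    # Usage: python check_iocs.py <file> [<file> ...]
    for path in sys.argv[1:]:
        hits = match_iocs(file_hashes(path))
        verdict = "MATCH (%s)" % ", ".join(sorted(hits)) if hits else "no match"
        print("%s: %s" % (path, verdict))
```

Exact digests only catch this precise build; a repacked or recompiled variant changes every one of them. The SSDEEP value is what covers near-duplicates, and it needs a fuzzy-hash implementation rather than hashlib (the ssdeep command-line tool's -m option matches a file against a list of known SSDEEP hashes).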
Static task: static1
Behavioral task: behavioral1 (sample 0e2f764e25439b12e157acf4026e476170b035a63fdf03a7787804167342912f.exe, resource win7-20240221-en)
Malware Config
Targets

Target: 0e2f764e25439b12e157acf4026e476170b035a63fdf03a7787804167342912f (4.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values in the General section above)
- Glupteba payload
- XMRig Miner payload
- Modifies boot configuration data using bcdedit
  Changes to the BCD store (for example enabling test signing or turning off integrity checks) are a common prerequisite for loading an unsigned driver; read this signature together with the driver drop and PatchGuard signatures below.
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system. This is a heuristic match, as the word "possible" indicates, not a confirmed PatchGuard bypass.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Scheduled Task/Job, T1053 (1)

Privilege Escalation
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Scheduled Task/Job, T1053 (1)

The number in parentheses is the count of matching signatures for each technique. The same three techniques appear under both tactics because ATT&CK lists service installation, Run-key autostart and scheduled tasks under Persistence and Privilege Escalation alike.
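The signature list and the ATT&CK matrix above describe host behaviours, not detections. As an added example (not part of the report and not Triage's detection logic), here is a small Python classifier that applies those behaviours to process-creation events of the shape Sysmon event 1 or Security event 4688 provide, plus a file-path check for the driver drop. The report does not publish this sample's command lines, so the sample events below are constructed placeholders and the command-line patterns are generic hunting heuristics for the listed behaviours; the ATT&CK technique IDs are this example's own mapping, and all function and rule names are assumptions.

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Minimal process-creation record (the fields Sysmon event 1 or Security 4688 supply)."""
    image: str          # full path of the created process
    command_line: str   # its command line


# Rule table: (rule name, ATT&CK technique, launching image, command-line pattern).
# Generic heuristics for the behaviours the report lists; the technique IDs are this
# example's mapping, not something the report states.
RULES = [
    ("bcdedit_code_signing_policy", "T1553.006", {"bcdedit.exe"},
     re.compile(r"/set\b.*\b(testsigning|nointegritychecks)\b", re.I)),
    ("bcdedit_recovery_disabled", "T1490", {"bcdedit.exe"},
     re.compile(r"/set\b.*\b(recoveryenabled|bootstatuspolicy)\b", re.I)),
    ("firewall_modification", "T1562.004", {"netsh.exe"},
     re.compile(r"\badvfirewall\b.*\b(add|set|delete)\b", re.I)),
    ("run_key_persistence", "T1547.001", {"reg.exe"},
     re.compile(r"\badd\b.*\\CurrentVersion\\Run\b", re.I)),
    ("scheduled_task_creation", "T1053.005", {"schtasks.exe"},
     re.compile(r"/create\b", re.I)),
    ("service_creation", "T1543.003", {"sc.exe"},
     re.compile(r"\bcreate\b", re.I)),
]

# Lower-cased path fragment for the "Drops file in Drivers directory" signature.
DRIVER_DIR = "\\windows\\system32\\drivers\\"


def classify(event: ProcessEvent) -> list:
    """Return [(rule, technique), ...] for every rule the event satisfies."""
    exe = ntpath.basename(event.image).lower()
    return [(rule, technique) for rule, technique, images, pattern in RULES
            if exe in images and pattern.search(event.command_line)]


def is_driver_drop(path: str) -> bool:
    """File-create check: a .sys written under System32\\drivers."""
    p = path.lower()
    return DRIVER_DIR in p and p.endswith(".sys")


def triage(events) -> dict:
    """Group matching command lines by rule name, for a quick per-host summary."""
    report = {}
    for ev in events:
        for rule, _technique in classify(ev):
            report.setdefault(rule, []).append(ev.command_line)
    return report


# Constructed events for demonstration (placeholder names and paths, not observed from the sample).
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\bcdedit.exe", "bcdedit /set testsigning on"),
    ProcessEvent(r"C:\Windows\System32\netsh.exe",
                 r'netsh advfirewall firewall add rule name="Updater" dir=in action=allow program="C:\Users\Public\update.exe"'),
    ProcessEvent(r"C:\Windows\System32\reg.exe",
                 r"reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d C:\Users\Public\update.exe /f"),
    ProcessEvent(r"C:\Windows\System32\schtasks.exe",
                 r"schtasks /create /tn Updater /tr C:\Users\Public\update.exe /sc onlogon"),
    ProcessEvent(r"C:\Windows\System32\sc.exe",
                 r"sc create exampledrv binPath= C:\Windows\System32\drivers\example.sys type= kernel"),
    ProcessEvent(r"C:\Windows\System32\bcdedit.exe", "bcdedit /enum"),  # benign enumeration, no rule
]


if __name__ == "__main__":
    for rule, lines in sorted(triage(SAMPLE_EVENTS).items()):
        print(rule)
        for line in lines:
            print("   ", line)
```

Each rule keys on both the image name and the command line, so a benign bcdedit /enum is not flagged while bcdedit /set testsigning on is; in production the image check should use the full path and signer, since a dropped executable can be named anything. The driver-drop check belongs on file-create telemetry (Sysmon event 11), not on process events, which is why it is a separate function.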