General
- Target: b66192b44f54b30665c4ccbc94c04c967871ac0393ada29fa80306a75c7d3c1e
- Size: 4.2MB
- Sample: 240418-22txjshd94
- MD5: 1853a092e1502daffa7a2720ee79416e
- SHA1: 251878bb735b3c5c17bd8577b2d59acfb41b3035
- SHA256: b66192b44f54b30665c4ccbc94c04c967871ac0393ada29fa80306a75c7d3c1e
- SHA512: facdaf1d4c3ef6207a53c4e4985639041480161a4b4ab7067445ee1bb6aa4846387c57567ba75d18d858e195750b500a86f65ac6a750809d838682ebe84d9781
- SSDEEP: 98304:ZU4Iq03aI5N3yqqHwBEspKQ2DvCGo03KUue+Tz:rIh7By/QBEsp+2hnfz
Static task: static1
Behavioral task: behavioral1
- Sample: b66192b44f54b30665c4ccbc94c04c967871ac0393ada29fa80306a75c7d3c1e.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
- Scheduled Task/Job (1)