General
Target: c7752a20e52025e9ea49b4ce63f8a85bdc605a928692e635258abefb71ff7198
Size: 4.2MB
Sample: 240418-2492jsaf2t
MD5: 08b4b79e38098f63c2f042fd14b050ce
SHA1: b10793e6fd33bac98c854144375747006ffff1d0
SHA256: c7752a20e52025e9ea49b4ce63f8a85bdc605a928692e635258abefb71ff7198
SHA512: 6b806ccafdadc0dc7d33e765d111e5fc6a6db496694dd3eb4d6ae980dbc8a35353629d74ff0d5270e46697a6fbf595d2cde724b0b738f23faa1b9b019437b0d6
SSDEEP: 98304:+xYk/Wd4gprCGADohyqBdv1Fi5ytzZrDpDNRM:wnWmu2kBdS54nBNi
Static task: static1
Behavioral task: behavioral1
Sample: c7752a20e52025e9ea49b4ce63f8a85bdc605a928692e635258abefb71ff7198.exe
Resource: win7-20240221-en
Malware Config
Targets
- Glupteba payload
- XMRig Miner payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)