General

Target: 271f3e6bc48957e86008c036837ad7f42387f31853841c4007c0809a4ce6429c
Size: 4.2MB
Sample: 240418-2dmhkagf34
MD5: 06b8ba42eb9f3a07c3e28c5827b161b6
SHA1: d6eeea8e780013a8a6ec0ae3078129dbc95b3cdd
SHA256: 271f3e6bc48957e86008c036837ad7f42387f31853841c4007c0809a4ce6429c
SHA512: b53ea28698597a25ab9a7064c929b86558481eca02e6a1d8b6e99c2a59cae5a3328a0ea8fb0884af3af5262dc6e1c41e490d958a558232f4e3159d62ec32b7d7
SSDEEP: 98304:yChC/hFO80L+t/wLiRU21IjdLRD45lSQeb0Kza87aM4:Vh+FA+Cifk45cQeb08aKaN
Static task: static1
Behavioral task: behavioral1
Sample: 271f3e6bc48957e86008c036837ad7f42387f31853841c4007c0809a4ce6429c.exe
Resource: win7-20240221-en
Malware Config

Targets

Target: 271f3e6bc48957e86008c036837ad7f42387f31853841c4007c0809a4ce6429c
Size: 4.2MB
MD5: 06b8ba42eb9f3a07c3e28c5827b161b6
SHA1: d6eeea8e780013a8a6ec0ae3078129dbc95b3cdd
SHA256: 271f3e6bc48957e86008c036837ad7f42387f31853841c4007c0809a4ce6429c
SHA512: b53ea28698597a25ab9a7064c929b86558481eca02e6a1d8b6e99c2a59cae5a3328a0ea8fb0884af3af5262dc6e1c41e490d958a558232f4e3159d62ec32b7d7
SSDEEP: 98304:yChC/hFO80L+t/wLiRU21IjdLRD45lSQeb0Kza87aM4:Vh+FA+Cifk45cQeb08aKaN
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)