General
Target: 2fb2f5ad67f59bf26a24767b810e89a4a566dbbf765845f425f59fb84477adb2
Size: 4.2MB
Sample: 240418-2elbwsgf63
MD5: 0a9f44485b56be821f21310135743978
SHA1: b471efc652f4087882bf3c379f4aa0c9980959ff
SHA256: 2fb2f5ad67f59bf26a24767b810e89a4a566dbbf765845f425f59fb84477adb2
SHA512: 20332afa232b38bab775bafb573449859bf6addc96b1db373de6a514af1601cfd49c62e38d53cbae6fdd50fa437125b74ce70e6e6bfff3400760743270761918
SSDEEP: 98304:+CaftNj+u7KNRVHR2Q7UufYl81Mzh66Z5kbRiBHB9arql/J:WtBzONTNQxJkbRihjx

Static task: static1
Behavioral task: behavioral1
Sample: 2fb2f5ad67f59bf26a24767b810e89a4a566dbbf765845f425f59fb84477adb2.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 2fb2f5ad67f59bf26a24767b810e89a4a566dbbf765845f425f59fb84477adb2 (4.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Glupteba payload
- XMRig Miner payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process: Windows Service (1)
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process: Windows Service (1)
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)