General
- Target: 674cb9a48d9c1d89661bbbafe9178b4582aa7dc648346de299088cd145d5693e
- Size: 4.2MB
- Sample: 240418-2m3adaha24
- MD5: 21e2a27a2434d0571584dafe72940dc9
- SHA1: 6dbb542d5c10969f5ff0b042e1ce402279842251
- SHA256: 674cb9a48d9c1d89661bbbafe9178b4582aa7dc648346de299088cd145d5693e
- SHA512: 3874fdb380ca862dcb78ef0a4d40892b9e2e2866a0820f7a0167d4e8b3562f47998125ebe9e65ffc65a1e84014a19d97f357ab6d3334b7a73d40f8fde183af0e
- SSDEEP: 98304:QCBc9KeWx4sdjbV9tIZtrLYeqWjLeSq2Nr9KDCyWDEkaU:Ne9ezBJI34WzaWDdaU
Static task: static1
Behavioral task: behavioral1
- Sample: 674cb9a48d9c1d89661bbbafe9178b4582aa7dc648346de299088cd145d5693e.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: 674cb9a48d9c1d89661bbbafe9178b4582aa7dc648346de299088cd145d5693e
  - Size: 4.2MB
  - MD5: 21e2a27a2434d0571584dafe72940dc9
  - SHA1: 6dbb542d5c10969f5ff0b042e1ce402279842251
  - SHA256: 674cb9a48d9c1d89661bbbafe9178b4582aa7dc648346de299088cd145d5693e
  - SHA512: 3874fdb380ca862dcb78ef0a4d40892b9e2e2866a0820f7a0167d4e8b3562f47998125ebe9e65ffc65a1e84014a19d97f357ab6d3334b7a73d40f8fde183af0e
  - SSDEEP: 98304:QCBc9KeWx4sdjbV9tIZtrLYeqWjLeSq2Nr9KDCyWDEkaU:Ne9ezBJI34WzaWDdaU
Signatures
- Glupteba payload
- XMRig Miner payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)