General
- Target: 6b2091f53e9bb4a45f3e79cf2437749d390fffab49f086ad104a5db0a7b335a9
- Size: 4.2MB
- Sample: 240418-2ndcmsaa2s
- MD5: c3c33e2110973703b46cfa8f739f7afb
- SHA1: 8d07e89dd94eb50826ee669e7112b0fbb2881341
- SHA256: 6b2091f53e9bb4a45f3e79cf2437749d390fffab49f086ad104a5db0a7b335a9
- SHA512: 4f75e4258f73dc7362f29e2a83b53017b452c82e9450576fef66d80b3acca9fd1fc3d390f25cf9917cd9ed944b9a9a0c7496005dcbfc857db1825e84e6e8c3dd
- SSDEEP: 98304:VuMksqipP1XHlFWFXwmFrGSppmsRKA6e2iRIo9R1q7CHM:Rks3vXHKFwmqsRR/2MI8a7Cs
Static task: static1
Behavioral task: behavioral1
Sample: 6b2091f53e9bb4a45f3e79cf2437749d390fffab49f086ad104a5db0a7b335a9.exe
Resource: win7-20240215-en
Malware Config
Targets
- Target: 6b2091f53e9bb4a45f3e79cf2437749d390fffab49f086ad104a5db0a7b335a9
- Glupteba payload
- XMRig Miner payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process: Windows Service (1)
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process: Windows Service (1)
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)