General
Target: 7a59ddefc2433806274b340af9cd19c6d119cedacfe6b5c498482c605f6a8a1b
Size: 4.2MB
Sample: 240418-2q6rzaaa8v
MD5: 6c1956eb2baee6fbd3c111b4c26cd490
SHA1: 70f0c07eea58dbe10210da4a6dae0939ef9d7009
SHA256: 7a59ddefc2433806274b340af9cd19c6d119cedacfe6b5c498482c605f6a8a1b
SHA512: 5573adade375b1ffb27d3550368167c6fe3d910f6186798dd5ba1c318371d1177df647bd1f06429c6bf1c29afaa275a7ab6a1eaa47f082d7d9e46e58c8f9a026
SSDEEP: 98304:2CaftNj+u7KNRVHR2Q7UufYl81Mzh66Z5kbRiBHB9arql/z:+tBzONTNQxJkbRihjr
Static task: static1
Behavioral task: behavioral1
Sample: 7a59ddefc2433806274b340af9cd19c6d119cedacfe6b5c498482c605f6a8a1b.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 7a59ddefc2433806274b340af9cd19c6d119cedacfe6b5c498482c605f6a8a1b
- Glupteba payload
- XMRig Miner payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1): Windows Service (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Create or Modify System Process (1): Windows Service (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)