General
Target: 7bd17453b714d7326d9e2b57fd2ef9becdb4106b4ce3c6cbcefbd9e2f13dbca1
Size: 4.2MB
Sample: 240418-2rgjgahb39
MD5: 6f3370143dc81b219f3b827f90ec05d2
SHA1: 4b302b4024acb7e43de971e4eebabd1543b9736a
SHA256: 7bd17453b714d7326d9e2b57fd2ef9becdb4106b4ce3c6cbcefbd9e2f13dbca1
SHA512: 8ae00171258737329594ae023bbbdddce2e76212a483e2b9f65186c0ad0d9d2af426e0f554f4ccba7b5c0d609eb5df3a731bffa398a3cfb804d4f9296ee1d18f
SSDEEP: 98304:TEUiY0TvDECnu2UVhqwvQ1Emz7z765moMQUcsnFyS:cYYDzP4h6Lz7zm1rUcOFyS
Static task: static1
Behavioral task: behavioral1
Sample: 7bd17453b714d7326d9e2b57fd2ef9becdb4106b4ce3c6cbcefbd9e2f13dbca1.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 7bd17453b714d7326d9e2b57fd2ef9becdb4106b4ce3c6cbcefbd9e2f13dbca1
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)