General
- Target: 7be11a9b3e367e40fc4229a8df5128e4925678e597257df22b14049c6f38b411
- Size: 4.2MB
- Sample: 240418-2rkacsaa9v
- MD5: 9e9be3d6955c673f054a831a7e510323
- SHA1: e1ba8a45557b0a3291c42a03ed311a8228e11600
- SHA256: 7be11a9b3e367e40fc4229a8df5128e4925678e597257df22b14049c6f38b411
- SHA512: c30bd83648a711316a744d546dc38c1158bad5eebd4ae93c99b8bbbec48fca4d3537bc5fdb4e6d105ccfa2c274ab2f918a113590a73ed08e95e3b3f7eadf2d80
- SSDEEP: 98304:iChC/hFO80L+t/wLiRU21IjdLRD45lSQeb0Kza87aMC:Fh+FA+Cifk45cQeb08aKar

Static task: static1

Behavioral task: behavioral1
- Sample: 7be11a9b3e367e40fc4229a8df5128e4925678e597257df22b14049c6f38b411.exe
- Resource: win7-20240221-en
Malware Config

Targets
- Target: 7be11a9b3e367e40fc4229a8df5128e4925678e597257df22b14049c6f38b411 (size and MD5/SHA1/SHA256/SHA512/SSDEEP hashes identical to those listed under General above)
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)