General
- Target: 8d1f1605046b4f5989903aeb1970cab44da9b1e974e957e2459f0603f628b6f5
- Size: 4.2MB
- Sample: 240509-27g5yacd9x
- MD5: 9f989ffbe8fb388c308d14f60461f382
- SHA1: 140375d1f179625587f9ec069651aee33de1e0c7
- SHA256: 8d1f1605046b4f5989903aeb1970cab44da9b1e974e957e2459f0603f628b6f5
- SHA512: 684b1a3263b82daea54cc62cfd77c2e0c07551e88f3b08f4ad3c1535d910f60133b778f16540aabe6ebc2de6f6599f7a72af0072a0879dd8b1afac7e50834e18
- SSDEEP: 98304:rZa2VZbCYsNXhwFqGw4s/ionP0i3VgMyn6gsfS:rYkZbZa6Fv+B3Vg99F
Static task: static1
Behavioral task: behavioral1
- Sample: 8d1f1605046b4f5989903aeb1970cab44da9b1e974e957e2459f0603f628b6f5.exe
- Resource: win7-20240508-en
Malware Config
Targets
- Target: 8d1f1605046b4f5989903aeb1970cab44da9b1e974e957e2459f0603f628b6f5
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: Rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)