General
Target: 9b1076e07eee28c9dd72056c2875540896f5a763725a7e4c03908798c59b2843
Size: 4.1MB
Sample: 240509-294rqafh66
MD5: 5a8a9d7f93db4c9ccc693665ad64a424
SHA1: 2b38fb5dbf8c69f6b4ac70e61112c570d1f26d1a
SHA256: 9b1076e07eee28c9dd72056c2875540896f5a763725a7e4c03908798c59b2843
SHA512: b2bb7123c21a66532d3b989a0c2cbd73fcfca954bb973bcee821a2b6b970d1a593ae7b63b81598a3d644f3a9e41fb3704dd993c83ed2d2b7a2a9fd2d97724b6e
SSDEEP: 98304:9xF9Koc7rIBIdDddbknqRPbHT0aH5QhVOOYdAu:nK97aYDXkkX0aZQhV0d3
Static task: static1
Behavioral task: behavioral1
Sample: 9b1076e07eee28c9dd72056c2875540896f5a763725a7e4c03908798c59b2843.exe
Resource: win7-20240419-en
Malware Config
Targets
Target: 9b1076e07eee28c9dd72056c2875540896f5a763725a7e4c03908798c59b2843 (4.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values listed under General above)
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in the operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Drops file in System32 directory
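The signatures above as host-side detection logic, written as an added example for this page; it is not the sandbox vendor's rule set and not code from the sample. It runs a small rule table over endpoint events (process creation, registry set/query, file write) and reports which of the listed behaviours fired. Assumptions: the Event field names are this example's own rather than a real Sysmon or EDR schema; the mapping from each signature to a concrete indicator (bcdedit with testsigning/nointegritychecks for driver-signing bypass, bcdedit with debug on as a possible PatchGuard disable, netsh turning the firewall off, writes under CurrentVersion\Run, reads of CurrentVersion\Uninstall, .sys files written under System32\drivers) is my reconstruction of what such signatures typically key on; and SAMPLE_EVENTS is constructed, with placeholder paths and value names, not artifacts recovered from this detonation.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Event:
    """One endpoint event. Field names are this example's own, not a real Sysmon schema."""
    kind: str          # "process", "reg_set", "reg_query" or "file_write"
    image: str = ""    # process image path (process events only)
    cmdline: str = ""  # full command line (process events only)
    target: str = ""   # registry key or file path touched (other events)


def _image_name(ev: Event) -> str:
    return ev.image.lower().rsplit("\\", 1)[-1]


# bcdedit flags that weaken kernel-mode protections. testsigning/nointegritychecks
# relax driver signature enforcement; booting with kernel debugging enabled keeps
# PatchGuard from arming (assumption: this is the indicator behind the report's
# "Possible attempt to disable PatchGuard" signature).
_BCD_SIGNING = re.compile(r"\b(testsigning|nointegritychecks)\s+on\b", re.I)
_BCD_DEBUG = re.compile(r"\bdebug\s+on\b", re.I)
_NETSH_FW_OFF = re.compile(
    r"advfirewall\s+set\s+\w+\s+state\s+off|firewall\s+set\s+opmode\s+(mode=)?disable", re.I)
_RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
_UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
_DRIVER_PATH = re.compile(r"\\System32\\drivers\\[^\\]+\.sys$", re.I)
_SYSTEM32_PATH = re.compile(r"\\System32\\", re.I)

# (rule name, event kind it applies to, predicate). Names mirror the report's signatures.
RULES: List[Tuple[str, str, Callable[[Event], bool]]] = [
    ("modifies_boot_config_bcdedit", "process",
     lambda e: _image_name(e) == "bcdedit.exe"
     and bool(re.search(r"\s/(set|debug)\b", e.cmdline, re.I))),
    ("driver_signing_bypass", "process",
     lambda e: _image_name(e) == "bcdedit.exe" and bool(_BCD_SIGNING.search(e.cmdline))),
    ("possible_patchguard_disable", "process",
     lambda e: _image_name(e) == "bcdedit.exe" and bool(_BCD_DEBUG.search(e.cmdline))),
    ("modifies_windows_firewall", "process",
     lambda e: _image_name(e) == "netsh.exe" and bool(_NETSH_FW_OFF.search(e.cmdline))),
    ("adds_run_key", "reg_set", lambda e: bool(_RUN_KEY.search(e.target))),
    ("checks_installed_software", "reg_query", lambda e: bool(_UNINSTALL_KEY.search(e.target))),
    ("drops_file_in_drivers", "file_write", lambda e: bool(_DRIVER_PATH.search(e.target))),
    ("drops_file_in_system32", "file_write", lambda e: bool(_SYSTEM32_PATH.search(e.target))),
]


def evaluate(events: Iterable[Event]) -> Dict[str, List[Event]]:
    """Return {rule name: [matching events]} for every rule that fired."""
    hits: Dict[str, List[Event]] = {}
    for ev in events:
        for name, kind, pred in RULES:
            if ev.kind == kind and pred(ev):
                hits.setdefault(name, []).append(ev)
    return hits


def fired(events: Iterable[Event]) -> List[str]:
    """Sorted names of the rules that fired, for a one-line verdict."""
    return sorted(evaluate(events))


# Constructed events shaped after the report's signatures; the paths and the
# Run value name are placeholders, not artifacts from the real detonation.
SAMPLE_EVENTS = [
    Event("process", r"C:\Windows\System32\bcdedit.exe",
          "bcdedit /set {current} testsigning on"),
    Event("process", r"C:\Windows\System32\bcdedit.exe",
          "bcdedit /set {current} debug on"),
    Event("process", r"C:\Windows\System32\netsh.exe",
          "netsh advfirewall set allprofiles state off"),
    Event("reg_set", target=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater"),
    Event("reg_query", target=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event("file_write", target=r"C:\Windows\System32\drivers\example.sys"),
    Event("file_write", target=r"C:\Windows\System32\example.dll"),
    Event("process", r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt"),
]

if __name__ == "__main__":
    for name, evs in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(f"{name}: {len(evs)} event(s)")
```

The rules are deliberately narrow: a bcdedit invocation is only interesting when it changes a BCD element, and a write under System32\drivers is only a driver drop when it is a .sys file, so a benign `bcdedit /enum` or a Windows Update writing a catalog file does not fire. On a real host you would feed in Sysmon event IDs 1, 11 and 13 (or the EDR equivalent) after mapping their fields onto Event; registry reads of the Uninstall key are not logged by Sysmon and only show up in sandboxes that hook the registry API.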
MITRE ATT&CK Enterprise v15 (the number after each technique is the count of matched signatures)
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Scheduled Task/Job (T1053): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Scheduled Task/Job (T1053): 1