General
- Target: 34c0d5d9a47949f05049a1a9f2d898b2fcb57c3a52d2220e0ca0fcc8c469b4e4
- Size: 4.1MB
- Sample: 240509-2rfxyaed69
- MD5: 6545acc2c5840a4c67256759224c570d
- SHA1: 26a022b2b99c7df1abaec900d71b7deef6895e74
- SHA256: 34c0d5d9a47949f05049a1a9f2d898b2fcb57c3a52d2220e0ca0fcc8c469b4e4
- SHA512: 4fa97ccb7ea0da12676e8ad651f622f2b72c4679a59b340bb42422cf9e922ac82054ea4817a92eb2125a2ea35e9e58bf3974fe54d8cd6eeb4b6b62a898d88015
- SSDEEP: 98304:dxF9Koc7rIBIdDddbknqRPbHT0aH5QhVOOYdAo:HK97aYDXkkX0aZQhV0dd
Static task: static1
Behavioral task: behavioral1
- Sample: 34c0d5d9a47949f05049a1a9f2d898b2fcb57c3a52d2220e0ca0fcc8c469b4e4.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: 34c0d5d9a47949f05049a1a9f2d898b2fcb57c3a52d2220e0ca0fcc8c469b4e4
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
- Scheduled Task/Job (1)