General
-
Target
3d87daf8badbb0fbe993f33993ef616cf13f4595d04f51bbfa07ee6f6b1dc539
-
Size
4.2MB
-
Sample
240509-2ssccsbc7x
-
MD5
53d208c01b5cbfc683db48527adb7f10
-
SHA1
858133fbd3698c33f0d7b92a683d762bcdcba631
-
SHA256
3d87daf8badbb0fbe993f33993ef616cf13f4595d04f51bbfa07ee6f6b1dc539
-
SHA512
24ae1bcd8702c200348e3d3890bcb3ebdf50b005775fc1cf4c5ca0070275955a8b554a2544cb24fb205f4ee16f1414070e126ac5b7a5d896b6784c4f80f369d9
-
SSDEEP
98304:iYE/QoZkfUddgB/NLBrYmLXHurcfmZW2TaRm8O:js9ZkNL91+rc+b
Static task
static1
Behavioral task
behavioral1
Sample
3d87daf8badbb0fbe993f33993ef616cf13f4595d04f51bbfa07ee6f6b1dc539.exe
Resource
win7-20240220-en
Malware Config
Targets
-
-
Target
3d87daf8badbb0fbe993f33993ef616cf13f4595d04f51bbfa07ee6f6b1dc539
-
Size
4.2MB
-
MD5
53d208c01b5cbfc683db48527adb7f10
-
SHA1
858133fbd3698c33f0d7b92a683d762bcdcba631
-
SHA256
3d87daf8badbb0fbe993f33993ef616cf13f4595d04f51bbfa07ee6f6b1dc539
-
SHA512
24ae1bcd8702c200348e3d3890bcb3ebdf50b005775fc1cf4c5ca0070275955a8b554a2544cb24fb205f4ee16f1414070e126ac5b7a5d896b6784c4f80f369d9
-
SSDEEP
98304:iYE/QoZkfUddgB/NLBrYmLXHurcfmZW2TaRm8O:js9ZkNL91+rc+b
-
Glupteba payload
-
Modifies boot configuration data using bcdedit
-
Modifies Windows Firewall
-
Possible attempt to disable PatchGuard
Rootkits can use kernel patching to embed themselves in an operating system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1