General
- Target: 9b668acac5fac741d355cafd34b5bf9f89e1266be28889c5c4198daa0d0e087c
- Size: 4.2MB
- Sample: 240509-3aav2afh78
- MD5: 165a3550ad8255d54672d11390e75662
- SHA1: 937132fa85cb91cd67df69ab6325bd295427bacc
- SHA256: 9b668acac5fac741d355cafd34b5bf9f89e1266be28889c5c4198daa0d0e087c
- SHA512: 7d975f7a9d3fc834428a3c002f000b63a224cfc09abf3b6da6cd3aaeb5bbe819b1ac2bb869de34124d2cff11c1f87ab8a36f39fe96b11b1701cdc286ab30dfcd
- SSDEEP: 98304:PUwDufGlovf10HwYipeee8YYFInLirvsLz9rlIGTGmz:Pkf6dHw3eAYYFOvrl+mz
Static task: static1
Behavioral task: behavioral1
- Sample: 9b668acac5fac741d355cafd34b5bf9f89e1266be28889c5c4198daa0d0e087c.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)