General
Target: fd23d52e2ce8268f9648e5239256f5960e62d681315653c776eea49f45ec7c15
Size: 4.1MB
Sample: 240517-a4zf9she8v
MD5: eb00d146a50bfc74d8281f4cca8fe3bc
SHA1: 54761a16f66a52fdf5d878c9b5a2dcc964c93006
SHA256: fd23d52e2ce8268f9648e5239256f5960e62d681315653c776eea49f45ec7c15
SHA512: 8d65e62e4a651b20f29a731e56f5cd08f1601dd97dfb5863d5c471303eed25981a0cf523c3fa1e672a59f599583aaca81e466575cb2c0609408c7a686f934019
SSDEEP: 49152:H7QmEbcqaZzGq8QcqWQjVg2jH5kShpuw/ycY+0yIq1wyJFXQ2nyEuQGmmL:bWbHa59Z7dviShpLY7RCwkXQ2n5oL
Static task: static1
Behavioral task: behavioral1
Sample: fd23d52e2ce8268f9648e5239256f5960e62d681315653c776eea49f45ec7c15.exe
Resource: win7-20240508-en
Malware Config
Targets
Target: fd23d52e2ce8268f9648e5239256f5960e62d681315653c776eea49f45ec7c15
Size: 4.1MB
MD5: eb00d146a50bfc74d8281f4cca8fe3bc
SHA1: 54761a16f66a52fdf5d878c9b5a2dcc964c93006
SHA256: fd23d52e2ce8268f9648e5239256f5960e62d681315653c776eea49f45ec7c15
SHA512: 8d65e62e4a651b20f29a731e56f5cd08f1601dd97dfb5863d5c471303eed25981a0cf523c3fa1e672a59f599583aaca81e466575cb2c0609408c7a686f934019
SSDEEP: 49152:H7QmEbcqaZzGq8QcqWQjVg2jH5kShpuw/ycY+0yIq1wyJFXQ2nyEuQGmmL:bWbHa59Z7dviShpLY7RCwkXQ2n5oL
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: Rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)