General

  • Target: Glass1511.exe
  • Size: 2.1MB
  • Sample: 240611-vgw3vavamr
  • MD5: c1d39a0e69bbb26bfd6800a3495a4ed3
  • SHA1: ab986bfc719991fb586e0f7bc40e00d468623357
  • SHA256: 608e31d0c42ccfc81e3c255cc56d7aa5168b18bd51453879a2be21ed07f9b4c8
  • SHA512: 01a725cfd97d2536c0ac4a9c3d8d7cfa0928413e9de82acb21ac580422ef4b30b8f41b0a36c3006526699a09b5a5722f53d29f86999d2be8abdb71a353254243
  • SSDEEP: 49152:8a6WKE1Qen2cnCuPTtUdoPiZ9zLbJo0Y7aKnMpe/K7U:X6XEtCiko6Z9zJ27aKMpeAU

Malware Config

Targets

    • r77: r77 is an open-source, userland rootkit.
    • r77 rootkit payload: Detects the payload of the r77 rootkit.
    • Modifies AppInit DLL entries
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks