General
-
Target
eee544ff3042ebe04bd12cd25fa5dfe417aa35fbe43017ee1eefbb62dee2df29
-
Size
5.5MB
-
Sample
210227-y9lgqzwjdj
-
MD5
74ed75664043ee127063cbe797d95ec4
-
SHA1
92a2a2937b281c0ada62a5a36690000399bcf6d4
-
SHA256
eee544ff3042ebe04bd12cd25fa5dfe417aa35fbe43017ee1eefbb62dee2df29
-
SHA512
7139309a9c5011d8a5efdfe21a31086f98f9cfd92593f1321912d8d9b70d00f1b67f8a5a038f44322c27d5c9d316d4d7b83f43b4670ee7fd849b4c76ccd0ad12
Static task
static1
Behavioral task
behavioral1
Sample
eee544ff3042ebe04bd12cd25fa5dfe417aa35fbe43017ee1eefbb62dee2df29.exe
Resource
win7v20201028
Malware Config
Targets
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application