General
- Target: da41fad3849e789c56fd39e612277bbcdfaa34f6256484a64246dde3e908aeb9
- Size: 3.8MB
- Sample: 220509-aw7snsbgc7
- MD5: 29def8dde4c9c0dffb841e2df12344fe
- SHA1: 86ed491900a0b76a762559cfc4017afa2c569741
- SHA256: da41fad3849e789c56fd39e612277bbcdfaa34f6256484a64246dde3e908aeb9
- SHA512: ccc1ef54314c6f18be5d434d109334126952e1be6248ef90ea668c4e154b969e3cefcd5985b8a008e6a9d3ffab69e1744ad1deb7dad80220a1693493601c42f0
Static task
static1
Behavioral task
behavioral1
Sample
da41fad3849e789c56fd39e612277bbcdfaa34f6256484a64246dde3e908aeb9.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
da41fad3849e789c56fd39e612277bbcdfaa34f6256484a64246dde3e908aeb9.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
- Target: da41fad3849e789c56fd39e612277bbcdfaa34f6256484a64246dde3e908aeb9
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit