General
Target: c45951f94490cd8d077dcdf730ff50f3fb15814040688612e8b260e0b9b07535
Size: 3.9MB
Sample: 220509-aw9bhabgc9
MD5: 4cf24e2eb7b4b3d03fa4f0dfe7dc6a0a
SHA1: 076ccfd4d4680a36954225f5b40eecdccedd7a27
SHA256: c45951f94490cd8d077dcdf730ff50f3fb15814040688612e8b260e0b9b07535
SHA512: 6c446ad938885af46be74bdfef5dafba593000b54c91a64cd0736a1abc3eb6516a7a527e585b862ab2bf114009015c82c07f9bfd8f749cbfd47de6b9fefbc607
Static task: static1
Behavioral task: behavioral1
Sample: c45951f94490cd8d077dcdf730ff50f3fb15814040688612e8b260e0b9b07535.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: c45951f94490cd8d077dcdf730ff50f3fb15814040688612e8b260e0b9b07535
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit