General
-
Target
9a83c410c67c2bc61872ebbac43419918f915728754b81f3d5e83abaefb792ae
-
Size
3.9MB
-
Sample
220509-axj31aefap
-
MD5
a36637c1fef93931154d2a838365189d
-
SHA1
c9000eb567d5a8ca357f890f9ec7a0660e5ddeb3
-
SHA256
9a83c410c67c2bc61872ebbac43419918f915728754b81f3d5e83abaefb792ae
-
SHA512
93dd224af589c121093294b06f859a1168103a507db40b025f8a8388feafc7491deecef337ff6dd5e579845c53698bba661eb8df1b0bc5d681041626398786b5
Static task
static1
Behavioral task
behavioral1
Sample
9a83c410c67c2bc61872ebbac43419918f915728754b81f3d5e83abaefb792ae.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
9a83c410c67c2bc61872ebbac43419918f915728754b81f3d5e83abaefb792ae
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-