General
Target: 951925a7994f5898e54b17a1237db32e9ab7cc715555707db2350752ebcbaebf
Size: 3.9MB
Sample: 220509-axk1asefaq
MD5: 0dabcde31fa74e5d6d5af213b00e2bff
SHA1: 7e6e90e29ba33795317bc17c1b7ad50617c5fa87
SHA256: 951925a7994f5898e54b17a1237db32e9ab7cc715555707db2350752ebcbaebf
SHA512: 7af2ddd6857ff1e6fddfe76a10307a9f51bf5ce42b1e19dbc102a6016fa66feebb5acfcb5257e046566683fa23e52604dc9a452a82423e48e43ff291876f0c37
Static task: static1
Behavioral task: behavioral1
Sample: 951925a7994f5898e54b17a1237db32e9ab7cc715555707db2350752ebcbaebf.exe
Resource: win7-20220414-en
Malware Config
Targets
Glupteba Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.