General
-
Target
84ff14072be6079388eaa1c071824672f61737c3bf8f51e71847762dbdcf6225
-
Size
3.9MB
-
Sample
220509-axn2ysbgd8
-
MD5
34e0782f4d580847bc0030b12ba9745a
-
SHA1
fb6b7efe3a9b91d15cd61819be6e2cd43681c118
-
SHA256
84ff14072be6079388eaa1c071824672f61737c3bf8f51e71847762dbdcf6225
-
SHA512
d69e8a139f707286163c7e937a29d7ec121dbdc2e94c9aa70b14b940408f272bc17731aed88b207f8096106c4882fdd7d619c459e12802eb8a6eddcf9e4ac3a9
Static task
static1
Behavioral task
behavioral1
Sample
84ff14072be6079388eaa1c071824672f61737c3bf8f51e71847762dbdcf6225.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
84ff14072be6079388eaa1c071824672f61737c3bf8f51e71847762dbdcf6225
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-