General
-
Target
59b81eaeecf05892a5f0d1b33520af34c41427e6070c86435a5d2ae3ac039aea
-
Size
3.8MB
-
Sample
220509-axvvhabge3
-
MD5
73e24d6dfe788708d74c1ca688b42d80
-
SHA1
7386c4c3b07051107aedce44877ae0b0fc832c55
-
SHA256
59b81eaeecf05892a5f0d1b33520af34c41427e6070c86435a5d2ae3ac039aea
-
SHA512
678807c7e9851a5794a38466b6fa142a6fc5972aff47125ba868e2b6650d0951bb0d033de4082d71cb55c0a44ef47e443770d30432086e809e9978ff76ec3b15
Static task
static1
Behavioral task
behavioral1
Sample
59b81eaeecf05892a5f0d1b33520af34c41427e6070c86435a5d2ae3ac039aea.exe
Resource
win7-20220414-en
Malware Config
Targets
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-