General
Target: 51be5c9ad83aee60f1c15777a771e0b26617784e860076fa190281b8b0fedffe
Size: 3.9MB
Sample: 220509-axyldsefbn
MD5: fd532520001568ed81451e72aaa230b3
SHA1: 557844f084ce563b4538c03db4f4d3f2ea7a08da
SHA256: 51be5c9ad83aee60f1c15777a771e0b26617784e860076fa190281b8b0fedffe
SHA512: 887c16b2dcc40bdea91d261bb7df66b4137097ae5b4728c86e61e85f084a2f0a542103fdae9cae39845b526dc6322f90bc4bb210dfcbfff3144a1a38af49fce6
Static task: static1
Behavioral task: behavioral1
Sample: 51be5c9ad83aee60f1c15777a771e0b26617784e860076fa190281b8b0fedffe.exe
Resource: win7-20220414-en
Malware Config
Targets
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit