General
-
Target
0003b8511af2141eb5eca6e00a79149fd0f0f5a1d30a65c69e9fc35d0ac7cbc2
-
Size
3.9MB
-
Sample
220509-ayhassefcn
-
MD5
87c49a6ee18fc531e6ec1af4e275d186
-
SHA1
ed8cbea702a65c81a8ac8a8c7ed76f8d860859f3
-
SHA256
0003b8511af2141eb5eca6e00a79149fd0f0f5a1d30a65c69e9fc35d0ac7cbc2
-
SHA512
69fb73977d4d9b9ded7233e478af934cb34d7bd1648fc0528b29f453cebb6c5ec2d67d279345a86400de4165581323a2ba7446585b1180c838368db909d9a69c
Static task
static1
Behavioral task
behavioral1
Sample
0003b8511af2141eb5eca6e00a79149fd0f0f5a1d30a65c69e9fc35d0ac7cbc2.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
0003b8511af2141eb5eca6e00a79149fd0f0f5a1d30a65c69e9fc35d0ac7cbc2
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-