General
-
Target
c1e5deef9648e678d11be1fae1eaef515aef1732fae137ed4361af24ac62ce3a
-
Size
3.8MB
-
Sample
220509-aylyzsefcp
-
MD5
612ca23b487748d41925ab470adf454f
-
SHA1
931d6312114bd181bd4e6b52026b6ead4cb9fbfb
-
SHA256
c1e5deef9648e678d11be1fae1eaef515aef1732fae137ed4361af24ac62ce3a
-
SHA512
382081f428db4057e18936dd7897e0eb0968cb3c0ffe8525e3233fe68b15f744cfbbd8610c87d7380efe31a6498bae59cdca88010711c3dc02685e0d5926eef9
Static task
static1
Behavioral task
behavioral1
Sample
c1e5deef9648e678d11be1fae1eaef515aef1732fae137ed4361af24ac62ce3a.exe
Resource
win7-20220414-en
Malware Config
Targets
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-