General
-
Target
1edf3e3f81c602642a87bc206a60e5666fd81a4d1d5a82c2f3575eb794defc64
-
Size
3.9MB
-
Sample
220509-ayq8psefdk
-
MD5
6859315432eb91afe438d83b01bbedd8
-
SHA1
b1d9fe1f42796353aa2ea610143e78c557932e5e
-
SHA256
1edf3e3f81c602642a87bc206a60e5666fd81a4d1d5a82c2f3575eb794defc64
-
SHA512
0c87a9518c1f373f8098fedaf52afc527a846af77f9568829fe056dab5a7d154e92e8f888e15f6ba44c044c8d6772ea8a28f770ba9d6370f1985f8721b8eca0d
Static task
static1
Behavioral task
behavioral1
Sample
1edf3e3f81c602642a87bc206a60e5666fd81a4d1d5a82c2f3575eb794defc64.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
1edf3e3f81c602642a87bc206a60e5666fd81a4d1d5a82c2f3575eb794defc64
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-