General
Target: 023d6d744ea77ea70a363bd010bb054d0e0b626757f97341efe2fc655295955a
Size: 3.8MB
Sample: 220509-aytc3abgg2
MD5: 677d016b5e4dd27797f88328d3c09f27
SHA1: 6b5abf96e08e5984fc7b16ddbe49f25d23d143b9
SHA256: 023d6d744ea77ea70a363bd010bb054d0e0b626757f97341efe2fc655295955a
SHA512: 5cb54051e171c9e28defa0cf6e9b98890e707785c6751bd5525b0b76abadfbe2c71ff5577da7a5a0fdb2d8f5a8b02158efade749b05badbd1d8f44b43fd96fcb
Static task: static1
Behavioral task: behavioral1
Sample: 023d6d744ea77ea70a363bd010bb054d0e0b626757f97341efe2fc655295955a.exe
Resource: win7-20220414-en
Malware Config
Targets
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit