General
-
Target
8077b94cd803f3e4ff242b494b2e91d780da5c2f2766e1d4ec304c54f8225def
-
Size
3.7MB
-
Sample
220512-n2qm8sddg6
-
MD5
fc36812c35862bfa3a8886a369e345f2
-
SHA1
34eda046de9e7a1915bd67b991caa5340eb23428
-
SHA256
8077b94cd803f3e4ff242b494b2e91d780da5c2f2766e1d4ec304c54f8225def
-
SHA512
6a37038115e950b44cdd8cdf3ba8b06414011753a07c08ccc37b0b476a0fde8044025daeeb960789a56d5e440390df1b9f314435045f8a9af6f117355b0dc164
Static task
static1
Behavioral task
behavioral1
Sample
8077b94cd803f3e4ff242b494b2e91d780da5c2f2766e1d4ec304c54f8225def.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
8077b94cd803f3e4ff242b494b2e91d780da5c2f2766e1d4ec304c54f8225def
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-