General
-
Target
e8145c7ef0e67b08204c5c832c116410e47d0cb47c479c27582c10619fcc2b76
-
Size
3.9MB
-
Sample
220512-ntxrksdag9
-
MD5
36b916eede950172b262c888b1e82a72
-
SHA1
7cacba9f2eaff7584cf6c06c8f5b23853e77cc79
-
SHA256
e8145c7ef0e67b08204c5c832c116410e47d0cb47c479c27582c10619fcc2b76
-
SHA512
ffddad17c0879e317b09e72482710e10d72d4b6aae948661d43a34488e4f1ef098b84292da6ef8eb62dbdaa4327f53fbde9ed5eb8c2ac9087cb1cf8de5332115
Static task
static1
Behavioral task
behavioral1
Sample
e8145c7ef0e67b08204c5c832c116410e47d0cb47c479c27582c10619fcc2b76.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
e8145c7ef0e67b08204c5c832c116410e47d0cb47c479c27582c10619fcc2b76
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies boot configuration data using bcdedit
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-