General
Target: 06c980f949509e4bcc09b65a9accfe872cd30af386799f0c74fd450f6f440240
Size: 3.8MB
Sample: 220516-ca5gjabghm
MD5: a9dd5607f44c6b5553f522cecdc7ec08
SHA1: 4549b10402f20f6c27461436e9ecf6c532dced7f
SHA256: 06c980f949509e4bcc09b65a9accfe872cd30af386799f0c74fd450f6f440240
SHA512: fbce2577f146268954f0eb3bcd263f5f0a6304e9d4343545d07c0a39a4e429df952e452eb3dacb32deda17df74b103237a366eb4c9fc76e7309fee00f1eba63e
Static task: static1
Behavioral task: behavioral1
Sample: 06c980f949509e4bcc09b65a9accfe872cd30af386799f0c74fd450f6f440240.exe
Resource: win7-20220414-en
Malware Config
Targets
Target
06c980f949509e4bcc09b65a9accfe872cd30af386799f0c74fd450f6f440240
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit