General
Target: d25c6d7d163608ab9f809fdbc94494e8ddc691ccee14f3b81c201b13f2a91823
Size: 3.8MB
Sample: 220516-cecbjshfd7
MD5: 26f30a49da1ead58d66ab99bd3e79954
SHA1: 5c0c373a169301033640b71b6ee728d8b54b4dc2
SHA256: d25c6d7d163608ab9f809fdbc94494e8ddc691ccee14f3b81c201b13f2a91823
SHA512: 3cf04d5b34144bd09b6767c603795185d90499eda0afcbfeff45e102cc4f73e17147387a84c4b31495ec508951303cb9ee25daabb3abdb84151790e6540f830b
Static task: static1
Behavioral task: behavioral1
Sample: d25c6d7d163608ab9f809fdbc94494e8ddc691ccee14f3b81c201b13f2a91823.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: d25c6d7d163608ab9f809fdbc94494e8ddc691ccee14f3b81c201b13f2a91823.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Glupteba Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application