General
Target: d3fdd5eff40b06403c6c0b23a3db8da233f2fc582ed1923f12fec5a0e0cc6c5e
Size: 4.9MB
Sample: 220520-d1a62saeaq
MD5: 8bced00751dd2ceac7a121f414d53e65
SHA1: b7f1c5cc1817756381274bf3adcf602463e1854b
SHA256: d3fdd5eff40b06403c6c0b23a3db8da233f2fc582ed1923f12fec5a0e0cc6c5e
SHA512: 838ed288437a1778baabf788e679f9e1131b5c80dc0cb9e0435d41cfa3f469e17ace681e7ecc62f5af3f6f2199baf40283c2a5809e977cedf49e5af0f42f08b2
Static task: static1
Behavioral task: behavioral1
Sample: d3fdd5eff40b06403c6c0b23a3db8da233f2fc582ed1923f12fec5a0e0cc6c5e.exe
Resource: win7-20220414-en
Malware Config
Targets
Glupteba Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory