General
-
Target
1ea3c3acb4c6e533907cc7bdafd5cb4bd5e8294b717803e86b57c925d5992aef
-
Size
5.0MB
-
Sample
220520-e94qdsdbbm
-
MD5
79b2dce444347169977d7fa87137f839
-
SHA1
239779f6b48824a9e7626f6aa3c306c08eb244dd
-
SHA256
1ea3c3acb4c6e533907cc7bdafd5cb4bd5e8294b717803e86b57c925d5992aef
-
SHA512
73d68bf150662bb78ceb913dd54d5fe2414aed37769dd453102eb4ac9ea5fc565fbd45ecd9ba4e95422ba191ff0f8d1544d6fcb715b6c51fac5bbe1cc805346f
Static task
static1
Behavioral task
behavioral1
Sample
1ea3c3acb4c6e533907cc7bdafd5cb4bd5e8294b717803e86b57c925d5992aef.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
1ea3c3acb4c6e533907cc7bdafd5cb4bd5e8294b717803e86b57c925d5992aef
-
Size
5.0MB
-
MD5
79b2dce444347169977d7fa87137f839
-
SHA1
239779f6b48824a9e7626f6aa3c306c08eb244dd
-
SHA256
1ea3c3acb4c6e533907cc7bdafd5cb4bd5e8294b717803e86b57c925d5992aef
-
SHA512
73d68bf150662bb78ceb913dd54d5fe2414aed37769dd453102eb4ac9ea5fc565fbd45ecd9ba4e95422ba191ff0f8d1544d6fcb715b6c51fac5bbe1cc805346f
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-