General
Target: 8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b
Size: 3.5MB
Sample: 220520-ez2s2sceep
MD5: 5635e26c47223e47e3a87856d2e004b5
SHA1: 4bcb817e4479f2c78c068c6163bf2ea70283be96
SHA256: 8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b
SHA512: fbd79a001807a2853c753219d2ac33f1e86c73cff2ad88e9320b6b4d03a40252d3db327b6a94e3e09102677f01a94d0b6fd32e3182ed0ec15d85e9398f3b8e4e
Static task: static1
Behavioral task: behavioral1
Sample: 8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b.exe
Resource: win7-20220414-en
Malware Config
Targets
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
- Suspicious use of SetThreadContext