General
-
Target
9a70811b6813db312d066302a240fbade95efad548c33ae8e6b06857bab4b090
-
Size
3.8MB
-
Sample
220520-fcj56adcdl
-
MD5
74b328b3692da088d6c8e9aa239d1b01
-
SHA1
6808bddeac01222b1c968f84efe3851e3d0b3eba
-
SHA256
9a70811b6813db312d066302a240fbade95efad548c33ae8e6b06857bab4b090
-
SHA512
89ef3363e4ef8efb3a29632f0a4bf023c85fda4fa844ec690e265542ec2578693e4b17f167b7a2133365bb28adfc5d2c60260d981ce4011709f4dc4c3aa9bee3
Static task
static1
Behavioral task
behavioral1
Sample
9a70811b6813db312d066302a240fbade95efad548c33ae8e6b06857bab4b090.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
9a70811b6813db312d066302a240fbade95efad548c33ae8e6b06857bab4b090
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-