General
Target: c7306b248145eb4d8fcfcdec1b112a9b90bd7228302687315af98ea78bac3447
Size: 3MB
Sample: 220520-fcpewadcdq
MD5: 9596e5149c229c48e0e3475563b1ed82
SHA1: 7a602d3638e83a358a804176c7d2b85aa52fc640
SHA256: c7306b248145eb4d8fcfcdec1b112a9b90bd7228302687315af98ea78bac3447
SHA512: 3921dd5a18247a79ee948c56487ad02ec599a2f0a5f75904e66d35728bed9f0d40d5120a35b55f2887c6fa4f2705d85534b530f53627f325805cb51989a0078e
Static task: static1
Behavioral task: behavioral1
Sample: c7306b248145eb4d8fcfcdec1b112a9b90bd7228302687315af98ea78bac3447.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: c7306b248145eb4d8fcfcdec1b112a9b90bd7228302687315af98ea78bac3447
Glupteba Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Modifies boot configuration data using bcdedit
Drops file in System32 directory