General
-
Target
bfd3d410e0062b1a1949e753597b59ab5fd3b64855cf0cf8b215fa98ddd90dc8
-
Size
3.8MB
-
Sample
220520-hvwb9aaacq
-
MD5
8c3064332c06033b41fa36b82aa425b5
-
SHA1
331a6343c6fbe5c5e22944f104bd86cb11c80d97
-
SHA256
bfd3d410e0062b1a1949e753597b59ab5fd3b64855cf0cf8b215fa98ddd90dc8
-
SHA512
a53755532b237d3bb1ac5f1ad89adec66edae8ca913a1de433fdb46fbe4c7681643d6d9efa8174bed300ac60edf12bda34d36e148e2b543741a0a10ef17d8e01
Static task
static1
Behavioral task
behavioral1
Sample
bfd3d410e0062b1a1949e753597b59ab5fd3b64855cf0cf8b215fa98ddd90dc8.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
bfd3d410e0062b1a1949e753597b59ab5fd3b64855cf0cf8b215fa98ddd90dc8
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Modifies boot configuration data using bcdedit
-