General
-
Target
803f140bd2b1a74fe2334a0f68337fbd85adc6074dff8fc6bea58b6f2a5ab457
-
Size
3.8MB
-
Sample
220520-w5yr1scad5
-
MD5
468dcdb06c6733d0048a75360d52e1a4
-
SHA1
eb1ad2cb3ddb7ac6560cf30cc7c286bd31989b1d
-
SHA256
803f140bd2b1a74fe2334a0f68337fbd85adc6074dff8fc6bea58b6f2a5ab457
-
SHA512
b78b6e303b4264727e157e559fcb947c7016087e453d4449001a5378297fc6306cec59aabec418f4a08e32101d7e74eca689a8801de451dbb76c5e696f4b0909
Static task
static1
Behavioral task
behavioral1
Sample
803f140bd2b1a74fe2334a0f68337fbd85adc6074dff8fc6bea58b6f2a5ab457.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
803f140bd2b1a74fe2334a0f68337fbd85adc6074dff8fc6bea58b6f2a5ab457.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
803f140bd2b1a74fe2334a0f68337fbd85adc6074dff8fc6bea58b6f2a5ab457
-
Size
3.8MB
-
MD5
468dcdb06c6733d0048a75360d52e1a4
-
SHA1
eb1ad2cb3ddb7ac6560cf30cc7c286bd31989b1d
-
SHA256
803f140bd2b1a74fe2334a0f68337fbd85adc6074dff8fc6bea58b6f2a5ab457
-
SHA512
b78b6e303b4264727e157e559fcb947c7016087e453d4449001a5378297fc6306cec59aabec418f4a08e32101d7e74eca689a8801de451dbb76c5e696f4b0909
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-