General
Target: 9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8
Size: 3.9MB
Sample: 220521-a1yessebbk
MD5: 1a1bc06765f3db1c9552b0aea6a59145
SHA1: 97ae8124b82fa55ce3a41d6f226817caf5eabc11
SHA256: 9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8
SHA512: edb396aefe69d9bc4b3179b6e7b6e8052ae4a356d88486d88a93721c255debcc3611b6dd00c706381e9dcdfa883936554efb3f733d2bd67b100da51b771a49af
Static task: static1
Behavioral task: behavioral1
Sample: 9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8.exe
Resource: win7-20220414-en
Malware Config
Targets
Glupteba Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Modifies boot configuration data using bcdedit
Drops file in System32 directory