General
Target: 51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744
Size: 3.8MB
Sample: 220521-b4n6zagaen
MD5: 0d5405d0c31b0b5179c2d1623e7c3ac1
SHA1: bd9135dd36e3ea7ee7e6711db7cbf3c68db65fdc
SHA256: 51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744
SHA512: 0da93164a3619a52d8f9c82de2d7697cc490e775787bfc22963852fa27edc7b93d0a09d2b154783c175f00a8247f0cbcbd6f69f1bc71b52a7a8a67915192def2
Static task: static1
Behavioral task: behavioral1
Sample: 51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744
Glupteba Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application