General
- Target: 287621cbd3dd3c8cfa36ea8482dd66be0eba17b701a1578251ec10cf4c04afb9
- Size: 3.8MB
- Sample: 220523-z89v8sccbn
- MD5: 2d48cb04270279d2671002d34e14153a
- SHA1: 952c2fb3dc4557c49b0b91b3ee6a19083e455d81
- SHA256: 287621cbd3dd3c8cfa36ea8482dd66be0eba17b701a1578251ec10cf4c04afb9
- SHA512: aa83e36687809cb30efda459b3f510ef5878f01985b678bc7bfa7c5965fa99d9257ff270219a618e29920a8230ee8f074d96eaf04873223388e86af0be8ad62e
Static task: static1
Behavioral task: behavioral1
- Sample: 287621cbd3dd3c8cfa36ea8482dd66be0eba17b701a1578251ec10cf4c04afb9.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 287621cbd3dd3c8cfa36ea8482dd66be0eba17b701a1578251ec10cf4c04afb9.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 287621cbd3dd3c8cfa36ea8482dd66be0eba17b701a1578251ec10cf4c04afb9
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
- Drops file in System32 directory