General
-
Target
59fea5e1012febef552be4ad0cac971bd335783c49600471fcc6e8d2bc4fb410
-
Size
3.8MB
-
Sample
220524-11zwqshfc2
-
MD5
be737bbd92519d634ee9f64ec3b921a9
-
SHA1
2f774c2aa118105f6c01a612323a36b130703616
-
SHA256
59fea5e1012febef552be4ad0cac971bd335783c49600471fcc6e8d2bc4fb410
-
SHA512
41a0842892b1e9ba3fd4a776b6427539ca2f5907887ca6fc5d6e0c0f43b8a4354bebe0a005cde572d8a65871cf8167ec5fc3a31c1f159cfef443f07d657309e5
Static task
static1
Behavioral task
behavioral1
Sample
59fea5e1012febef552be4ad0cac971bd335783c49600471fcc6e8d2bc4fb410.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-