General
-
Target
9b3a4b8942ff2b2ac6aff13ce8900c307aff69953cd2808d102da78b0a16e95b
-
Size
3.8MB
-
Sample
220524-12qz8ahfe5
-
MD5
abe4faa3999f46c6824b1ca36dc9adb1
-
SHA1
502069cd71b1bc3a114a1b0072a0059b78f7b024
-
SHA256
9b3a4b8942ff2b2ac6aff13ce8900c307aff69953cd2808d102da78b0a16e95b
-
SHA512
afde24f82d183950c1f0e32f2501f6d9b0f4a0b0d91feb58b2d59a150182ef5b9ab273557c5639e78c7e7cc5df59a974fa1386d01a0166ea7a1ba1aa0ac24619
Static task
static1
Behavioral task
behavioral1
Sample
9b3a4b8942ff2b2ac6aff13ce8900c307aff69953cd2808d102da78b0a16e95b.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
9b3a4b8942ff2b2ac6aff13ce8900c307aff69953cd2808d102da78b0a16e95b
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-