General
Target
42ede32137e2dfccbe5a6c06da78b8814b14b521364250a948088442c7b5cedf
Size
3.9MB
Sample
220524-14bcjsdfdk
MD5
c3abfb427c8238dc3fb5a62fb9b048d5
SHA1
7fed650295f4b5ffe2388ac5e19b6cc3e4c16601
SHA256
42ede32137e2dfccbe5a6c06da78b8814b14b521364250a948088442c7b5cedf
SHA512
59ac9803102c17756338de539a718120cf95c44c4e2a5ef0bfa9d7aa5523d99ca9fd1784d3975581c401a5cc572aa04eb1380bcfc684a04011b85752f004661f
Static task
static1
Behavioral task
behavioral1
Sample
42ede32137e2dfccbe5a6c06da78b8814b14b521364250a948088442c7b5cedf.exe
Resource
win7-20220414-en
Malware Config
Targets
Target
42ede32137e2dfccbe5a6c06da78b8814b14b521364250a948088442c7b5cedf
Glupteba Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Modifies boot configuration data using bcdedit
Drops file in System32 directory