General
-
Target
dcd7ddd4bbe35ebe79f85faabb564edbdebc1d3bcb16ad5ab79eac93531974bb
-
Size
3.8MB
-
Sample
220524-1q5dgadbgl
-
MD5
2dfc626b5d8f984fd48d725be44cdc00
-
SHA1
14560e321f87aa491882861802eae2783d8242fe
-
SHA256
dcd7ddd4bbe35ebe79f85faabb564edbdebc1d3bcb16ad5ab79eac93531974bb
-
SHA512
84fcae44ebeae33b7810e9fcd32edce43f0f9a3e9a53323f63f01640bb1f932d983c71bbe82b90e38f8d6ad22527690a3a8681dc424c36832ff8ba2d0d01c5ef
Static task
static1
Behavioral task
behavioral1
Sample
dcd7ddd4bbe35ebe79f85faabb564edbdebc1d3bcb16ad5ab79eac93531974bb.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-