General
-
Target
6daa588bfecc4432cb6e1aaa2f682cee9fc40ce1a5a931300f3110c4f738c195
-
Size
3.9MB
-
Sample
220524-1tcsmahda7
-
MD5
845ea5e600e1106dad9d929650cda38d
-
SHA1
790a0fdb2fba67ea44823ecf8ba2eb45203fb781
-
SHA256
6daa588bfecc4432cb6e1aaa2f682cee9fc40ce1a5a931300f3110c4f738c195
-
SHA512
8d60a50a1be2caf13602d26c27610848dc0110824b4ba354e7fdd25d01ab76dee3df8882393a384a92bc6adf80be733586040eca2781eaf01ec1b897a450a778
Static task
static1
Behavioral task
behavioral1
Sample
6daa588bfecc4432cb6e1aaa2f682cee9fc40ce1a5a931300f3110c4f738c195.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-