General
Target: fdb849a09632a193e97a909ff183a3791c295e06567fa336b041ae84be222c6e
Size: 3.8MB
Sample: 220524-26h1vafaej
MD5: af6b81c72cac30821ab06cf78f97a7fb
SHA1: 7721627d3c526e9c7dac6889192b8489714b6dd0
SHA256: fdb849a09632a193e97a909ff183a3791c295e06567fa336b041ae84be222c6e
SHA512: feba9f7f15dfe3aa02cfd2a7445de8065d80a36ca2ca5eb380579abb9f9a9b5f0ddb2499605ada8a2e1f313f14317542120b4e9a39cedc3848f4384575d3ca6c
Static task: static1
Behavioral task: behavioral1
Sample: fdb849a09632a193e97a909ff183a3791c295e06567fa336b041ae84be222c6e.exe
Resource: win7-20220414-en
Malware Config
Targets
Glupteba Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Modifies boot configuration data using bcdedit
Drops file in System32 directory