General
- Target: 2e5280f5bd57205a3f4034a1bbe8b0ae697f2a68fb77775dc33c18b78628efdf
- Size: 3.9MB
- Sample: 220524-a1yessdgdp
- MD5: f0ba0b617c4f6be9bb0091003dd55a18
- SHA1: dcc4ecfc0016ae1a649929f29ae87eaae1fac9a7
- SHA256: 2e5280f5bd57205a3f4034a1bbe8b0ae697f2a68fb77775dc33c18b78628efdf
- SHA512: 9ebefffdf4bc6aa73e03dcb105ad327b170dbbb03746e43f4ce59571f19c27b5ee722dfaa7bc384b90cfd44648bb2550c2beb29be71ab649c7564e10cdb9a8ff
Static task: static1
Behavioral task: behavioral1
- Sample: 2e5280f5bd57205a3f4034a1bbe8b0ae697f2a68fb77775dc33c18b78628efdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 2e5280f5bd57205a3f4034a1bbe8b0ae697f2a68fb77775dc33c18b78628efdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 2e5280f5bd57205a3f4034a1bbe8b0ae697f2a68fb77775dc33c18b78628efdf
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
- Drops file in System32 directory