General
Target: d062e72c4a693d8a3a19570a10e0951eeed2040a2d8019b116269c348db78a90
Size: 3.9MB
Sample: 220524-cy6phafghp
MD5: de7029a8adb05fd10cafd0ef1df1fb90
SHA1: 32d1100326f06828b50b9f58b42a3dbc5adad91b
SHA256: d062e72c4a693d8a3a19570a10e0951eeed2040a2d8019b116269c348db78a90
SHA512: 5866ab74a59c60495d9b72ac9e121a7353729f7ed86842c741b457fe8a86280f05a174e32a12999da823a1535a2101a537aec96bf64bfbba078d407a8e1d8ce7
Static task: static1
Behavioral task: behavioral1
Sample: d062e72c4a693d8a3a19570a10e0951eeed2040a2d8019b116269c348db78a90.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: d062e72c4a693d8a3a19570a10e0951eeed2040a2d8019b116269c348db78a90.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: d062e72c4a693d8a3a19570a10e0951eeed2040a2d8019b116269c348db78a90
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit