General
- Target: 97a9ca08fee98a34adfdb1e8e19559bff624bd7d094b2cd80c9629b7a426440d
- Size: 3.8MB
- Sample: 220524-day57agdbj
- MD5: 6b25f01b08dada97878d7a7409b4c100
- SHA1: cc411194050b944d1a88223adaa76b99878c183c
- SHA256: 97a9ca08fee98a34adfdb1e8e19559bff624bd7d094b2cd80c9629b7a426440d
- SHA512: b27dc0e29fb4f979647220072bdf3e05f51a022aa119a5fe24d6fbcdc357dc865f42eaae72791220b1bd71e5e94d72b0bbfb6fe7074e2a13a67e9f27bfe42427
Static task: static1
Behavioral task: behavioral1
- Sample: 97a9ca08fee98a34adfdb1e8e19559bff624bd7d094b2cd80c9629b7a426440d.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: 97a9ca08fee98a34adfdb1e8e19559bff624bd7d094b2cd80c9629b7a426440d
- Size: 3.8MB
- MD5: 6b25f01b08dada97878d7a7409b4c100
- SHA1: cc411194050b944d1a88223adaa76b99878c183c
- SHA256: 97a9ca08fee98a34adfdb1e8e19559bff624bd7d094b2cd80c9629b7a426440d
- SHA512: b27dc0e29fb4f979647220072bdf3e05f51a022aa119a5fe24d6fbcdc357dc865f42eaae72791220b1bd71e5e94d72b0bbfb6fe7074e2a13a67e9f27bfe42427
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
- Suspicious use of SetThreadContext