General
-
Target
025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c
-
Size
3.8MB
-
Sample
220524-dsdbfadgd7
-
MD5
e2bcfb552fd8fdb88da751306f4bea2a
-
SHA1
b99331f2858f7ee67ea907419c0769fe2279b672
-
SHA256
025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c
-
SHA512
31746515c1278da7a61e6d3a189eb42415265d6d5b364773bd3abd6284d5d7782792c1a357c20e18aca1820db17ea160eec9fa406c2f1019c322de390f262767
Static task
static1
Behavioral task
behavioral1
Sample
025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c
-
Size
3.8MB
-
MD5
e2bcfb552fd8fdb88da751306f4bea2a
-
SHA1
b99331f2858f7ee67ea907419c0769fe2279b672
-
SHA256
025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c
-
SHA512
31746515c1278da7a61e6d3a189eb42415265d6d5b364773bd3abd6284d5d7782792c1a357c20e18aca1820db17ea160eec9fa406c2f1019c322de390f262767
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-