General
-
Target
eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4
-
Size
3.8MB
-
Sample
220524-eb317sefd4
-
MD5
7796324b830619a5e77bce3c52bdee71
-
SHA1
49e2c8e7fc979a2a6e988174c5f1c3adc3eba523
-
SHA256
eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4
-
SHA512
86c20ab791350b852d007b77fd3667f6430faabede88fb5b8b259d1a7133bb833cd6d9ca2e1f5cc72b0e02e9199bb190d86d56d8ad9976111bd980c25c1927a9
Static task
static1
Behavioral task
behavioral1
Sample
eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4
-
Size
3.8MB
-
MD5
7796324b830619a5e77bce3c52bdee71
-
SHA1
49e2c8e7fc979a2a6e988174c5f1c3adc3eba523
-
SHA256
eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4
-
SHA512
86c20ab791350b852d007b77fd3667f6430faabede88fb5b8b259d1a7133bb833cd6d9ca2e1f5cc72b0e02e9199bb190d86d56d8ad9976111bd980c25c1927a9
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-