General
- Target: d0ae18cbfb9b9c077d455f08393f329f8294ba7697aaa5569bf339d683ddfb6b
- Size: 3.8MB
- Sample: 220524-q5hsxagehl
- MD5: b298db4db0a03f5503a15988a25cf9cb
- SHA1: faecd0b57db3caeaea880b22534b7e5db9a84f19
- SHA256: d0ae18cbfb9b9c077d455f08393f329f8294ba7697aaa5569bf339d683ddfb6b
- SHA512: e09cece376179c32e13d91e79a3d7c0c714b8e16d301a01f439d5a5dc27a95212a92c95bc7538096e7cda4291bdb4d8484aa34212a58a2ecb7f4622141ae70fe

Static task: static1
Behavioral task: behavioral1
- Sample: d0ae18cbfb9b9c077d455f08393f329f8294ba7697aaa5569bf339d683ddfb6b.exe
- Resource: win7-20220414-en
Malware Config

Targets
- Target: d0ae18cbfb9b9c077d455f08393f329f8294ba7697aaa5569bf339d683ddfb6b
- Size: 3.8MB
- MD5: b298db4db0a03f5503a15988a25cf9cb
- SHA1: faecd0b57db3caeaea880b22534b7e5db9a84f19
- SHA256: d0ae18cbfb9b9c077d455f08393f329f8294ba7697aaa5569bf339d683ddfb6b
- SHA512: e09cece376179c32e13d91e79a3d7c0c714b8e16d301a01f439d5a5dc27a95212a92c95bc7538096e7cda4291bdb4d8484aa34212a58a2ecb7f4622141ae70fe

- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
- Drops file in System32 directory