General
-
Target
1269399667ab00025edf1869d1b9c08c314c6bff346b710cedf29bfc87d3d9e8
-
Size
3.8MB
-
Sample
220524-q6lk7adbg7
-
MD5
8fb84447f0e6d3f9bee0e4c187cd88a7
-
SHA1
802e1300a0563b1b87e079e0ae90266ec69b5591
-
SHA256
1269399667ab00025edf1869d1b9c08c314c6bff346b710cedf29bfc87d3d9e8
-
SHA512
66853b67011967fbd05d2f96e3ca94ac467be113673e18cbcfda91e853dc19b10ef05436cca69a997d725b254bbd9e086fc1ff09ba76fadc3dee9e52144bd8eb
Static task
static1
Behavioral task
behavioral1
Sample
1269399667ab00025edf1869d1b9c08c314c6bff346b710cedf29bfc87d3d9e8.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
1269399667ab00025edf1869d1b9c08c314c6bff346b710cedf29bfc87d3d9e8
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-