General
-
Target
cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e
-
Size
3.7MB
-
Sample
220524-qxfctacgg7
-
MD5
720a612077a422109df3c8945e088308
-
SHA1
14ae2f30c62b716dc97c58d3dfc7954143f950d7
-
SHA256
cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e
-
SHA512
83e6e64774e7d878d6badabc7222861c45fe0651368475211d4a392091874a5d3d40bcc0532b2e7c99e28e48f64a3dd1d5393603574e3d318c9a55099219088b
Static task
static1
Behavioral task
behavioral1
Sample
cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e
-
Size
3.7MB
-
MD5
720a612077a422109df3c8945e088308
-
SHA1
14ae2f30c62b716dc97c58d3dfc7954143f950d7
-
SHA256
cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e
-
SHA512
83e6e64774e7d878d6badabc7222861c45fe0651368475211d4a392091874a5d3d40bcc0532b2e7c99e28e48f64a3dd1d5393603574e3d318c9a55099219088b
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Drops file in System32 directory
-