General
-
Target
cdbc70a5bce6d5c7c10882f2d84d899385fe2833b40dba200917926c66ff34c6
-
Size
3.8MB
-
Sample
220524-qxv39scgh5
-
MD5
4a000400f17b48589a88c179e6a1d77b
-
SHA1
2d589c7e3787c5390d453813422f5f12b8dda608
-
SHA256
cdbc70a5bce6d5c7c10882f2d84d899385fe2833b40dba200917926c66ff34c6
-
SHA512
60b5efa71e7b7c610ca8d5584ac587659a5bd1109f8a972ab43e7f1ca98a4a10d70d47b243988c3a38cbe42b01dea5ebd702ac7ff0ca7636cf9a99086b192cbc
Static task
static1
Behavioral task
behavioral1
Sample
cdbc70a5bce6d5c7c10882f2d84d899385fe2833b40dba200917926c66ff34c6.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
cdbc70a5bce6d5c7c10882f2d84d899385fe2833b40dba200917926c66ff34c6
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-