General
-
Target
04c2b0724225411cc05499c4a5a086657607e0fc4da2157366c6e6f3f4a77956
-
Size
3.8MB
-
Sample
220524-r2kc1aehb9
-
MD5
40af1a275061666b2f7dba64cb7bbbe9
-
SHA1
c786f07634a5be30e628f6ac903be33475d953cd
-
SHA256
04c2b0724225411cc05499c4a5a086657607e0fc4da2157366c6e6f3f4a77956
-
SHA512
554ab0f23f59d0ac76363a75f6e0c53c097c7d756aac0ea39da9eb3507cab71df6c75b8da2681af322841c04e984fc0ff5fc78f55e49b83806ae2eade1a19c1f
Static task
static1
Behavioral task
behavioral1
Sample
04c2b0724225411cc05499c4a5a086657607e0fc4da2157366c6e6f3f4a77956.exe
Resource
win7-20220414-en
Malware Config
Targets
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-