General
- Target: 0640ebcd10c12c2d4704b20200eb474e15007a9fa494f892c40536d950528b6e
- Size: 3.8MB
- Sample: 220524-rbkk3sdfd3
- MD5: da1988969d24b1f187c1fa8885ae91f8
- SHA1: 4817097ba08b75653a4b32e7c1a207d8aae437ea
- SHA256: 0640ebcd10c12c2d4704b20200eb474e15007a9fa494f892c40536d950528b6e
- SHA512: c8fa5bdd0e615ef66ad31e2d84fb6297745621a892b088b9499f49157f39e4cda3a99186ef4b1af628cde3e527642583efd9ae78af987a8c1017ee508589e6e4
Static task: static1
Behavioral task: behavioral1
Sample: 0640ebcd10c12c2d4704b20200eb474e15007a9fa494f892c40536d950528b6e.exe
Resource: win7-20220414-en
Malware Config
Targets
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
- Drops file in System32 directory