General
-
Target
654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d
-
Size
3.9MB
-
Sample
220524-rel83shcbq
-
MD5
d3b8410f12961fe31e3babc3f3c9cd91
-
SHA1
fb7af4fba0c0bd68ba59f7656b543737e7069b7a
-
SHA256
654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d
-
SHA512
70344439a6585b1f48f7736dcc68621d07cf92f9d663b8578457a2288ab72a2c14dcfa90e657ab38e1ff4d53de01d5380f8f48534384e10273e77015beaec948
Static task
static1
Behavioral task
behavioral1
Sample
654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d
-
Size
3.9MB
-
MD5
d3b8410f12961fe31e3babc3f3c9cd91
-
SHA1
fb7af4fba0c0bd68ba59f7656b543737e7069b7a
-
SHA256
654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d
-
SHA512
70344439a6585b1f48f7736dcc68621d07cf92f9d663b8578457a2288ab72a2c14dcfa90e657ab38e1ff4d53de01d5380f8f48534384e10273e77015beaec948
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-