General
- Target: d6aecf3c47febe77d956c42bf102d56237538806f961324df15973175584bcb2
- Size: 3.9MB
- Sample: 220524-rtr3wahhgm
- MD5: cd6901e634b1cebe5aaee164ad4a1f99
- SHA1: bcd9241bde4ad8630c2bb1b8e0a36ab38bf40c05
- SHA256: d6aecf3c47febe77d956c42bf102d56237538806f961324df15973175584bcb2
- SHA512: f924fc11e9c94a9bc3f6f23bc8424b83d6fc3f60333e3053e7fe75752abf6edabd7ac3a12da41fa5db24378e8d3dfad03a10aae236a0eb0434f8ff9466895529
Static task: static1
Behavioral task: behavioral1
- Sample: d6aecf3c47febe77d956c42bf102d56237538806f961324df15973175584bcb2.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit