General
- Target: 421d4402284cb656da176a2ab558c207806691b6ce1b6775d657837decf17795
- Size: 3.8MB
- Sample: 220524-rxpf6aeed4
- MD5: ae476a1ef84599b317adac0e04a512b6
- SHA1: 6b30b26ef736dc6795bdc13a9592b963cfc22c29
- SHA256: 421d4402284cb656da176a2ab558c207806691b6ce1b6775d657837decf17795
- SHA512: 36600ef322d3dfb3df31990562fc9aba963e3eb976574b7d18e23484e56985051e51d56b45da98202f2dd42805501582bb6a348f744538f7f6709a25af22d1f2
Static task: static1

Behavioral task: behavioral1
- Sample: 421d4402284cb656da176a2ab558c207806691b6ce1b6775d657837decf17795.exe
- Resource: win7-20220414-en
Malware Config

Targets
- Target: 421d4402284cb656da176a2ab558c207806691b6ce1b6775d657837decf17795
- Size: 3.8MB
- MD5: ae476a1ef84599b317adac0e04a512b6
- SHA1: 6b30b26ef736dc6795bdc13a9592b963cfc22c29
- SHA256: 421d4402284cb656da176a2ab558c207806691b6ce1b6775d657837decf17795
- SHA512: 36600ef322d3dfb3df31990562fc9aba963e3eb976574b7d18e23484e56985051e51d56b45da98202f2dd42805501582bb6a348f744538f7f6709a25af22d1f2
Signatures
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
- Drops file in System32 directory