General
-
Target
1c05d7f6a1e50234794c0fe9dc4fc78322949a0d848a8732ee426818f178afb8
-
Size
3.8MB
-
Sample
220524-ry5jrseeh5
-
MD5
aed02cb78efc9a8cbb610fca16dd0072
-
SHA1
691514a28750ce5c441aef1e65a6ff374ec9bb32
-
SHA256
1c05d7f6a1e50234794c0fe9dc4fc78322949a0d848a8732ee426818f178afb8
-
SHA512
d2be062431a17dbc7ea4f4ba57fac4fe50d3e694bbf9c94d2a253476223685cd9f28ab94ee3bde7c4d42b7d8eb6f9b0285772e3f0e1307cd3bf8f31e80564d1a
Static task
static1
Behavioral task
behavioral1
Sample
1c05d7f6a1e50234794c0fe9dc4fc78322949a0d848a8732ee426818f178afb8.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
1c05d7f6a1e50234794c0fe9dc4fc78322949a0d848a8732ee426818f178afb8
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-