General
-
Target
012da1ac8aef03c11c092080e7d53ae081527bb8f1ea8ce6ca32a13e4a80ff7e
-
Size
3.8MB
-
Sample
220524-s6k1rsgda8
-
MD5
7f61bd3309155220a1dd52467ced030d
-
SHA1
a1aef874ce35b133677cb9399f70925ef56cf4ca
-
SHA256
012da1ac8aef03c11c092080e7d53ae081527bb8f1ea8ce6ca32a13e4a80ff7e
-
SHA512
e92ade13d28d0b8e9d84371818ca5a228c33e7fffcc02778735a17f6e5a646012c0888b3dbe4d953632e2b2924a08eec5f6e740a5a7618fbe0fad9332b512d4f
Static task
static1
Behavioral task
behavioral1
Sample
012da1ac8aef03c11c092080e7d53ae081527bb8f1ea8ce6ca32a13e4a80ff7e.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
012da1ac8aef03c11c092080e7d53ae081527bb8f1ea8ce6ca32a13e4a80ff7e
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-