General
Target: 3561dffe964c364f7f95acad869ff06c68c8753278a692e3c094f5d311b0612d
Size: 3.8MB
Sample: 220524-s931racbhn
MD5: 6a11fc6abb88d752274472eb74bc6c06
SHA1: 269d92c8b1328b9bf17d7b03bea0881ce8c0c767
SHA256: 3561dffe964c364f7f95acad869ff06c68c8753278a692e3c094f5d311b0612d
SHA512: 6becc6ba63e6842848e9bcad08660e1bfeba93ad39412d0562ab35d3e87b1ef4f473ed275ef58ab9a5c03158fe9ab882b6aa5e3c0ebfde3493233825ee01803d
Static task: static1
Behavioral task: behavioral1
Sample: 3561dffe964c364f7f95acad869ff06c68c8753278a692e3c094f5d311b0612d.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 3561dffe964c364f7f95acad869ff06c68c8753278a692e3c094f5d311b0612d.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 3561dffe964c364f7f95acad869ff06c68c8753278a692e3c094f5d311b0612d
Glupteba Payload
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Modifies boot configuration data using bcdedit
Drops file in System32 directory