General
-
Target
15012170b2e4e10d2e93cad882d116ed1bf9252f681625c3ec969f090b9d2117
-
Size
3.8MB
-
Sample
220524-sm5aasbcaq
-
MD5
ed33b07f43d2703202e1787ff350b0a1
-
SHA1
f79592d4f5a0f768fee67f30057945f187c1e6cc
-
SHA256
15012170b2e4e10d2e93cad882d116ed1bf9252f681625c3ec969f090b9d2117
-
SHA512
72a794b1b27ef83349dbb0f8033c0f4c219dff424d9f6bf9f5dc3ff2ee5d3953665f15354fda00e59d78a6911efe86dd25eab1a13f5149c8ca8cbd2184a98819
Static task
static1
Behavioral task
behavioral1
Sample
15012170b2e4e10d2e93cad882d116ed1bf9252f681625c3ec969f090b9d2117.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
15012170b2e4e10d2e93cad882d116ed1bf9252f681625c3ec969f090b9d2117
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-