General
Target: bc20d017a6767bb0a8072340e29b633f3057940ced871219dc4cd3fab83b722e
Size: 3.9MB
Sample: 220524-spt74sbchj
MD5: 65d01de320e3a436c774fb370f7a6019
SHA1: b4c32f9e8c074ff67e4f3508ece73243c0d98d48
SHA256: bc20d017a6767bb0a8072340e29b633f3057940ced871219dc4cd3fab83b722e
SHA512: 7901aa50f747df43091f59b69aed427ea68bff92375f7b00013c0cfe31c86fede543107e447d2308469ef07d8630046221592e5e512957563cd07817cc05878c
Static task: static1
Behavioral task: behavioral1
Sample: bc20d017a6767bb0a8072340e29b633f3057940ced871219dc4cd3fab83b722e.exe
Resource: win7-20220414-en
Malware Config
Targets
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
- Suspicious use of SetThreadContext