General
-
Target
04c84256fd60f1d8714e1dc6d507d681b3b4fd26b5ff2f04e921533b61bd633c
-
Size
3.8MB
-
Sample
220524-t5nkyadebp
-
MD5
cde4de1b07a571f0746282e00afd6d60
-
SHA1
357de7f1d097559fecf93759b6fe0b7fa0c0fa3e
-
SHA256
04c84256fd60f1d8714e1dc6d507d681b3b4fd26b5ff2f04e921533b61bd633c
-
SHA512
94b4a33f2c82d20d32bd55a57d941e252df3dbd4982ce5ec0bf7af044642ac3179601a7e6c54299b60d7052dc1d486003c14ccaa508822a5960b9f7d168d05fd
Static task
static1
Behavioral task
behavioral1
Sample
04c84256fd60f1d8714e1dc6d507d681b3b4fd26b5ff2f04e921533b61bd633c.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
04c84256fd60f1d8714e1dc6d507d681b3b4fd26b5ff2f04e921533b61bd633c
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-