General
-
Target
ed5863dca5a1a18030f9730c0344dbdd2d16a323194085f577640d8addd9a87d
-
Size
3.8MB
-
Sample
220524-td7vhacdgn
-
MD5
ef239eb6a8c5d23334c8a7a813fbd556
-
SHA1
b4aa99efc4ae0896737649042b43daeaa33efbaa
-
SHA256
ed5863dca5a1a18030f9730c0344dbdd2d16a323194085f577640d8addd9a87d
-
SHA512
d913c1bca7041a411fdb04031b7b3b1008035c14912058ab2b8619152e7fb8d3928e899d0e4dd6a11fccb590091aed9b1cd8c8ad9792c074e77c7d9387c4704b
Static task
static1
Behavioral task
behavioral1
Sample
ed5863dca5a1a18030f9730c0344dbdd2d16a323194085f577640d8addd9a87d.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
ed5863dca5a1a18030f9730c0344dbdd2d16a323194085f577640d8addd9a87d
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-