General
Target: ba8c1647b4d6f29e963a4a558740919239824575843040defe97e7f2193e07e9
Size: 3.9MB
Sample: 220524-tealdscdgq
MD5: 7950b8f106dbb9575ea9071fabde106b
SHA1: 9b09e1bbd84e99759170db691e47ee259f4be720
SHA256: ba8c1647b4d6f29e963a4a558740919239824575843040defe97e7f2193e07e9
SHA512: ec83f3ff61888bcf4b8d327fcc35a3de38842e90c4a12fe9a29325e9e9e32083592a8847ec76616adf96d5c7eea4ed055422e5d0a0aaf8266e842a8af015033a
Static task: static1
Behavioral task: behavioral1
Sample: ba8c1647b4d6f29e963a4a558740919239824575843040defe97e7f2193e07e9.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: ba8c1647b4d6f29e963a4a558740919239824575843040defe97e7f2193e07e9
Size: 3.9MB
MD5: 7950b8f106dbb9575ea9071fabde106b
SHA1: 9b09e1bbd84e99759170db691e47ee259f4be720
SHA256: ba8c1647b4d6f29e963a4a558740919239824575843040defe97e7f2193e07e9
SHA512: ec83f3ff61888bcf4b8d327fcc35a3de38842e90c4a12fe9a29325e9e9e32083592a8847ec76616adf96d5c7eea4ed055422e5d0a0aaf8266e842a8af015033a
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
- Drops file in System32 directory