General
Target: ee5c635194ead39aaddaa0024f59ab193962d093b35911c3894c5b82917abda7
Size: 3.8MB
Sample: 220524-tx48qadbgk
MD5: 506033e71a9aafb1ef4a9008b4ccc960
SHA1: b4c1ed4b8fd01e2916b7c64cecbcee70adff0c7e
SHA256: ee5c635194ead39aaddaa0024f59ab193962d093b35911c3894c5b82917abda7
SHA512: 524925f6052beb638ec91aa2dbb193cacf096e9f3022b9c2a0850f6e86febad411a63174d834ca977227cdc6bf65c71bbb2d66c931b946942d919b49ef7ff9c1
Static task: static1
Behavioral task: behavioral1
Sample: ee5c635194ead39aaddaa0024f59ab193962d093b35911c3894c5b82917abda7.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: ee5c635194ead39aaddaa0024f59ab193962d093b35911c3894c5b82917abda7
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit
- Drops file in System32 directory