General
-
Target
5603d6de2949122bc45ce7a98ad6631a8b551e15e68ce1d89055ae62a7d36d7d
-
Size
3.8MB
-
Sample
220524-tzfcdadccr
-
MD5
46cd5ad93681a950fa01125120913ebb
-
SHA1
4693a9cf3533b2840f61395382b09ece928bf79f
-
SHA256
5603d6de2949122bc45ce7a98ad6631a8b551e15e68ce1d89055ae62a7d36d7d
-
SHA512
49974c1c95524994b381e1afa23075c9d202fc68a0b23e5d36d28284567019d0b42b8ad051c03fbdba47037f87d5c70229a7a5a8e2978fef08946a9f36e69a1e
Static task
static1
Behavioral task
behavioral1
Sample
5603d6de2949122bc45ce7a98ad6631a8b551e15e68ce1d89055ae62a7d36d7d.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
5603d6de2949122bc45ce7a98ad6631a8b551e15e68ce1d89055ae62a7d36d7d
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-