General
-
Target
7cbf81b5f6af715286bf2e39a3cf243c562af0df823db2c2241dda0cb769ee88
-
Size
3.8MB
-
Sample
220524-vczceaaah4
-
MD5
2a0bf78294ccfa527bdb818125e44540
-
SHA1
a13544d56a85c2fe8cf54e11ff1fedba5dbb224e
-
SHA256
7cbf81b5f6af715286bf2e39a3cf243c562af0df823db2c2241dda0cb769ee88
-
SHA512
692bbb9f719bd91fc2f4555fa19d71c5048feedc886dd47121ada78f7c17b97e57568a11b365ba93fa4c169b7bc4f0f1fd61a049b494137b2116f65c701c5cb2
Static task
static1
Behavioral task
behavioral1
Sample
7cbf81b5f6af715286bf2e39a3cf243c562af0df823db2c2241dda0cb769ee88.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
7cbf81b5f6af715286bf2e39a3cf243c562af0df823db2c2241dda0cb769ee88
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-