General
-
Target
dea5c3515a6ba10a6aaa9bd0f68313dc31c6af750e8d9facb062e5cb214abf80
-
Size
3.8MB
-
Sample
220524-yhq5rsahhr
-
MD5
67528c122b41e16a4278be9576237193
-
SHA1
f87c1086c1fdc52b825f2b8d51ec900e5bebbba6
-
SHA256
dea5c3515a6ba10a6aaa9bd0f68313dc31c6af750e8d9facb062e5cb214abf80
-
SHA512
f7026d36eb810d7cde576b386609153dc02ee1133bda41a07afa27e3e931ffcc9cf4468225ca4239e2361c817b15b87f1d0b1122025a1d7390189c5dda4b77bd
Static task
static1
Behavioral task
behavioral1
Sample
dea5c3515a6ba10a6aaa9bd0f68313dc31c6af750e8d9facb062e5cb214abf80.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
dea5c3515a6ba10a6aaa9bd0f68313dc31c6af750e8d9facb062e5cb214abf80.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
dea5c3515a6ba10a6aaa9bd0f68313dc31c6af750e8d9facb062e5cb214abf80
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-