General
-
Target
6c180c3dd369920177079b7e14aacf09da89152eacb7f7112c6e2ff5d7cc4362
-
Size
3.8MB
-
Sample
220524-yj2b5abaek
-
MD5
d643a4af1f2fa28a8c8946358cc29809
-
SHA1
38a8cde23a178b1cb7c2e0abc190f717bcba81b1
-
SHA256
6c180c3dd369920177079b7e14aacf09da89152eacb7f7112c6e2ff5d7cc4362
-
SHA512
0a0a94b3e9cc33365bf2c9275499284d228987853384a920a713a7cbcf089cfa5d8e653d6006b574253108432005cfc9d5ebf4ffaf55aed802accf6cabe4cb8a
Static task
static1
Behavioral task
behavioral1
Sample
6c180c3dd369920177079b7e14aacf09da89152eacb7f7112c6e2ff5d7cc4362.exe
Resource
win7-20220414-en
Malware Config
Targets
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-