General
Target: 9a97d33edbdf3f58e4e02129fd9a573085de90d4ae1098ffa38fa4d0864eac9f
Size: 3.9MB
Sample: 220524-yka7bsbafr
MD5: 1785d20bbf66ac8afd66138781b5b9e9
SHA1: a00fac5ec41193251feabd003c8af8beb4a45d40
SHA256: 9a97d33edbdf3f58e4e02129fd9a573085de90d4ae1098ffa38fa4d0864eac9f
SHA512: 95165609140e45d4f4e31170f38eb4964e49742de3ecdd04d6ab3b3dc5e72aada6f76976be025b87a06e8ea7131ef80cb6ad7cf782e1eaaa8c31d8cfcb2afbe8
Static task: static1
Behavioral task: behavioral1
Sample: 9a97d33edbdf3f58e4e02129fd9a573085de90d4ae1098ffa38fa4d0864eac9f.exe
Resource: win7-20220414-en
Malware Config
Targets
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Modifies boot configuration data using bcdedit