General
-
Target
760a23fa5f377ba1927e86c9d5dbd739f27c0f3434ecf1cc5b3ec5bfaad5d23f
-
Size
3.8MB
-
Sample
220524-z96j7sgfb6
-
MD5
aead55369d3f0a0f9faba7de463a5bc8
-
SHA1
f612c7757c35715f4b4932e9d6e74d3e58ef41a2
-
SHA256
760a23fa5f377ba1927e86c9d5dbd739f27c0f3434ecf1cc5b3ec5bfaad5d23f
-
SHA512
fa5e57cc0038ad8622d1e840b2877dee0f9ad6652b32bc1fb73eb87f5e792e9098774a8b95010753c5589a4697c05a35ca0b5ee4fbf86f00c7d1cf5d5049571e
Static task
static1
Behavioral task
behavioral1
Sample
760a23fa5f377ba1927e86c9d5dbd739f27c0f3434ecf1cc5b3ec5bfaad5d23f.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-