General
-
Target
64cd1243c303e1f214089511bd7feba9484f0553c05400b1ce51f7b33f83bed7
-
Size
3.7MB
-
Sample
220724-1lra2shgam
-
MD5
5d1250a818a4193770f1c123adeebaee
-
SHA1
3a7d647250f6c261444855cdb886b81e854461bb
-
SHA256
64cd1243c303e1f214089511bd7feba9484f0553c05400b1ce51f7b33f83bed7
-
SHA512
1d360467b39d7206ace11e7942e352e949f9f2fa15ff95ce38258c8712a25a31d3dd12908ef3a15a158f5b9df6b0a4a84d8de7da861008d5fed0ec0dc5248877
Static task
static1
Behavioral task
behavioral1
Sample
64cd1243c303e1f214089511bd7feba9484f0553c05400b1ce51f7b33f83bed7.exe
Resource
win7-20220718-en
Malware Config
Targets
-
Target
64cd1243c303e1f214089511bd7feba9484f0553c05400b1ce51f7b33f83bed7
-
Glupteba payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-