General
Target: f8ddcd0dcc378d0dfc98cdebed31e05c4ebaba6c6fdec8ac75a5f6b40f93a605
Size: 3.9MB
Sample: 220724-2fnhmsaha4
MD5: 55854ff943045b00666f06b5c67f9e1d
SHA1: 2320d8a26406f13793a6579e6ba5a4b38a01e250
SHA256: f8ddcd0dcc378d0dfc98cdebed31e05c4ebaba6c6fdec8ac75a5f6b40f93a605
SHA512: 9c911993c8a3bd99066b193b70a7ef3a55d30019d021f310a93d3b5842ad87cf90726a09d7b61fe0de4a60e262684f17e4b03d698a2bda1dcdf5e1a8df13dfaf
Static task: static1
Behavioral task: behavioral1
  Sample: f8ddcd0dcc378d0dfc98cdebed31e05c4ebaba6c6fdec8ac75a5f6b40f93a605.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: f8ddcd0dcc378d0dfc98cdebed31e05c4ebaba6c6fdec8ac75a5f6b40f93a605.exe
  Resource: win10v2004-20220722-en
Malware Config
Targets
Target: f8ddcd0dcc378d0dfc98cdebed31e05c4ebaba6c6fdec8ac75a5f6b40f93a605
- Glupteba payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory