General
Target: c824e4437bae5fda0007929fcfabb0a3110820da10673500c9e71aadb982a0b9
Size: 3.8MB
Sample: 220724-2fq9jaaha6
MD5: c377d72ba0f1c8722df198e42bb9a1b6
SHA1: ee4a918581883a9b81a6b58c373453f026fa2ef5
SHA256: c824e4437bae5fda0007929fcfabb0a3110820da10673500c9e71aadb982a0b9
SHA512: ce72f7e72c83c8d05fc762156131b2f403e6b375e7d2a30f78c1b2ebfdedfe4cd1f7cad592428d202eee909a89daaabae9b4d8638b59d79ecddb5aa06025fe4c
Static task: static1
Behavioral task: behavioral1
Sample: c824e4437bae5fda0007929fcfabb0a3110820da10673500c9e71aadb982a0b9.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: c824e4437bae5fda0007929fcfabb0a3110820da10673500c9e71aadb982a0b9.exe
Resource: win10v2004-20220721-en
Malware Config
Targets
Target: c824e4437bae5fda0007929fcfabb0a3110820da10673500c9e71aadb982a0b9
Glupteba payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory