General
Target: ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a
Size: 6.5MB
Sample: 220724-vndvvabhd3
MD5: eec77cef2cdf57a824fac4670d69b2e6
SHA1: f1834146df5511a7fad5745705d32b1b03d31ff8
SHA256: ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a
SHA512: ff774d9d0d93fb866bf298e7119a725bbeacf3b31d2c1f7a53f620e51489e5a376fb8b23530534f0a9de7829a9205dc22093237ab478f94008cf2b7167b29e70
Static task: static1
Behavioral task: behavioral1
Sample: ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a.exe
Resource: win10v2004-20220721-en
Malware Config
Targets
Target: ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a
Glupteba payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory