General
-
Target
5602f61f952e4288f00d812a4283ed7768b19880b1c36e6ab46a64ce0877a3a2
-
Size
5.0MB
-
Sample
220724-ydzaksdhg6
-
MD5
9c6a38f279505bf3e4f0172f73fec25a
-
SHA1
c3fc13e829d0643d015413d678c4cd39caf065b5
-
SHA256
5602f61f952e4288f00d812a4283ed7768b19880b1c36e6ab46a64ce0877a3a2
-
SHA512
cde1977f626c94fb735f0beba6c1fa7163fa87c1efc2cb0ddca97e4d273a50bdec2e7d69dda6703f8918b19e4cde427bda3fc055a2e258dbcd98a7c135e1050a
Static task
static1
Behavioral task
behavioral1
Sample
5602f61f952e4288f00d812a4283ed7768b19880b1c36e6ab46a64ce0877a3a2.exe
Resource
win7-20220715-en
Malware Config
Targets
-
-
Target
5602f61f952e4288f00d812a4283ed7768b19880b1c36e6ab46a64ce0877a3a2
-
Size
5.0MB
-
MD5
9c6a38f279505bf3e4f0172f73fec25a
-
SHA1
c3fc13e829d0643d015413d678c4cd39caf065b5
-
SHA256
5602f61f952e4288f00d812a4283ed7768b19880b1c36e6ab46a64ce0877a3a2
-
SHA512
cde1977f626c94fb735f0beba6c1fa7163fa87c1efc2cb0ddca97e4d273a50bdec2e7d69dda6703f8918b19e4cde427bda3fc055a2e258dbcd98a7c135e1050a
-
Glupteba payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-