General
Target: 1484e6c88226ef61ea99b4982cac51b602ce1db950db204a9a1d3cc698c4bcad
Size: 4.9MB
Sample: 220725-debwfscacr
MD5: b007f8a22aa86800c79e7b14fb42f95e
SHA1: 2ee1655b07459d481f434f33f98a2d6669abfa2f
SHA256: 1484e6c88226ef61ea99b4982cac51b602ce1db950db204a9a1d3cc698c4bcad
SHA512: 17292dd10e2a804404b902413281a01f401bc8920e4689c4f2bdbf5ae5e771c0df428c9ab8ae22c750488ac6c84573baa892e7642afd580a157f33a7158dac6f
Static task: static1
Behavioral task: behavioral1
Sample: 1484e6c88226ef61ea99b4982cac51b602ce1db950db204a9a1d3cc698c4bcad.exe
Resource: win7-20220718-en
Malware Config
Targets
Glupteba payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
-
suricata: ET MALWARE Glupteba CnC Observed in DNS Query
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-