General
-
Target
ae7daaeed4d69a185e48b18c9fb70d9422fe4d71cd55bf993165680a4c1e2c82
-
Size
4.7MB
-
Sample
220725-ewjs3aece4
-
MD5
9a232f2047ce830e45c421d4c36314c4
-
SHA1
949d018bda22adbf77496a90ca7d3520baec4355
-
SHA256
ae7daaeed4d69a185e48b18c9fb70d9422fe4d71cd55bf993165680a4c1e2c82
-
SHA512
1f84f11ec4aae9d2821226d711f29d330b477ee9891e0b05b14700aac5d5805c130df2bb97e86030b91195942fd987849a65efa1359595944d705c3d67acb20d
Behavioral task
behavioral1
Sample
ae7daaeed4d69a185e48b18c9fb70d9422fe4d71cd55bf993165680a4c1e2c82.exe
Resource
win7-20220715-en
Malware Config
Targets
-
-
Target
ae7daaeed4d69a185e48b18c9fb70d9422fe4d71cd55bf993165680a4c1e2c82
-
Size
4.7MB
-
MD5
9a232f2047ce830e45c421d4c36314c4
-
SHA1
949d018bda22adbf77496a90ca7d3520baec4355
-
SHA256
ae7daaeed4d69a185e48b18c9fb70d9422fe4d71cd55bf993165680a4c1e2c82
-
SHA512
1f84f11ec4aae9d2821226d711f29d330b477ee9891e0b05b14700aac5d5805c130df2bb97e86030b91195942fd987849a65efa1359595944d705c3d67acb20d
-
Glupteba payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-