General
-
Target
9832d1ca062cbca0dbf0cbfe2e0c37afb5bd855403ede544bcba923e8ed5c4b5
-
Size
5.0MB
-
Sample
220725-ezadssefel
-
MD5
64c21b4b0f96e53926aee7a511f89ddb
-
SHA1
7ea7e787b466bfa05c75280a6da890bace1e2af5
-
SHA256
9832d1ca062cbca0dbf0cbfe2e0c37afb5bd855403ede544bcba923e8ed5c4b5
-
SHA512
6121a23e97f2c22673ab09a9d3c30ec1eefbd299467534fa6407192b4ec44a7a1677b129c9e67368ef6978cc4060d00fbb8935eed1d974e14a7972b433226369
Static task
static1
Behavioral task
behavioral1
Sample
9832d1ca062cbca0dbf0cbfe2e0c37afb5bd855403ede544bcba923e8ed5c4b5.exe
Resource
win7-20220718-en
Malware Config
Targets
-
-
Target
9832d1ca062cbca0dbf0cbfe2e0c37afb5bd855403ede544bcba923e8ed5c4b5
-
Glupteba payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-