General
-
Target
7f4f5f4be70aa6864b8d3b38c481ae518bddbf08fec6933bac24aadfaeab7f6d
-
Size
5.0MB
-
Sample
220725-fc6n6afbe8
-
MD5
aaf0c955f6f955c1396975e66a9c74b1
-
SHA1
a5973b9ec05804d870ad1e0009d86d8fd040b67c
-
SHA256
7f4f5f4be70aa6864b8d3b38c481ae518bddbf08fec6933bac24aadfaeab7f6d
-
SHA512
ff536a7f83975ac7d934dee959ac8a3a355d69d45aa4ce1a14b6a2e5f3dc7fecf2c6d4a12d0e992591cbe13db535d6747c1c0b948f0f6f63f0d2c5758a79f29f
Static task
static1
Behavioral task
behavioral1
Sample
7f4f5f4be70aa6864b8d3b38c481ae518bddbf08fec6933bac24aadfaeab7f6d.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
7f4f5f4be70aa6864b8d3b38c481ae518bddbf08fec6933bac24aadfaeab7f6d.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
Target
7f4f5f4be70aa6864b8d3b38c481ae518bddbf08fec6933bac24aadfaeab7f6d
-
Glupteba payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-