General
Target: f514b2071fedd6cc21e5b362e21f391c5d64631c8484b26b856fa8980198d80c
Size: 4.9MB
Sample: 220731-hgv5bsdba8
MD5: dbbf1473bd68eb81f5dfdcdc2d579712
SHA1: 88b4c260aa3c113cba3b3db0cf7e5b665969245e
SHA256: f514b2071fedd6cc21e5b362e21f391c5d64631c8484b26b856fa8980198d80c
SHA512: c273cb238ae842ca6033c79285f1391eeac24322a0a3f5876f75504a3d76a79165c44f02f7145056f8bddf8522e1dcfcbc8d508a90fd52ebcdec3228334c5636
Static task: static1
Behavioral task: behavioral1
Sample: f514b2071fedd6cc21e5b362e21f391c5d64631c8484b26b856fa8980198d80c.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: f514b2071fedd6cc21e5b362e21f391c5d64631c8484b26b856fa8980198d80c.exe
Resource: win10v2004-20220721-en
Malware Config
Targets
Target: f514b2071fedd6cc21e5b362e21f391c5d64631c8484b26b856fa8980198d80c
- Glupteba payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory