General
-
Target
5a821f9282f6d079eeb89fda84f5cc1b6baa5e87e5bf04a9c5721863e6e23d00
-
Size
4MB
-
Sample
220802-dvktasaabm
-
MD5
d7b5c0dfacada838878509c0e797e38c
-
SHA1
c03590cbfeba3f9820457e4ac083144896c7b4c6
-
SHA256
5a821f9282f6d079eeb89fda84f5cc1b6baa5e87e5bf04a9c5721863e6e23d00
-
SHA512
0af0b8fb10b7c9362b6dc47526cea53c5dcb1745d8eb10b8b89585c09a492c5860000b38ceb7807034b776bc6923302bc7f6167d8ee4f138e66c7ed097b62548
Behavioral task
behavioral1
Sample
5a821f9282f6d079eeb89fda84f5cc1b6baa5e87e5bf04a9c5721863e6e23d00.exe
Resource
win7-20220718-en
Malware Config
Targets
-
-
Target
5a821f9282f6d079eeb89fda84f5cc1b6baa5e87e5bf04a9c5721863e6e23d00
-
Glupteba payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-