General
Target: 7865906198.zip
Size: 3.7MB
Sample: 220818-hk93nadge7
MD5: 35d33319ae3ed3b9a190adc0b37dab5f
SHA1: c840864223f68b7a8f14b9c7a9a34a5d22ea7d8e
SHA256: 5fb2f862e4f1fd327c0a493082de9b66fb7a91d4dccef8273b7f75926d888826
SHA512: 6ca751d5b107e1ed4c07406c1a075bc7f9641a9c28a073827698b52d88dc4daa61166a8c71a5805588e130b5549b8293890d505f98b3af4dfd479272030e5f49
SSDEEP: 98304:eeAV0W8TyF7QS4a2pXzNAsNco89r0Dd7l/n5+l:eeAOTG8a2p5AsOjrWdf+l

Static task: static1

Behavioral task: behavioral1
Sample: a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab.exe
Resource: win10v2004-20220812-en

Malware Config

Targets
Target: a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab
Size: 4.0MB
MD5: f1953eaf2c48b94bb9772bfe38d552e3
SHA1: 631171103c9bcfb7219353d95d37e313d7365682
SHA256: a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab
SHA512: 29d145c5bd8bb906aa754c20e46541971bb1deae7d987a47899b58b3c01db8f6e5ca4119f713ceeffa7156a5fb01255f46375e806afd41364c66b2ccb5863fd5
SSDEEP: 98304:8R1MyoGwSUz6jx/0veUrId0IlpmWMzAG4u5MYkVmE:8RbJuveGId3QzAG4u5ZG

Glupteba payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory