General
-
Target
e7842b156944cb494e606ddca5eaac4bd453a41d9e9f773bc2004d924c198a9c
-
Size
4.1MB
-
Sample
230917-pbk6haac3w
-
MD5
9dc322be85cf4d6bf7992dad07d8ed28
-
SHA1
b3e7dd20e3fc01403c92800be7e92eb44055e896
-
SHA256
e7842b156944cb494e606ddca5eaac4bd453a41d9e9f773bc2004d924c198a9c
-
SHA512
c91b585ee687c8f6ed5753859f8dd6a3ecc448d83ef9897315d9da91a8b85173033895300f7ffa16427b721f3229c4610e9e5fbf1ad24d42e082699744e916aa
-
SSDEEP
98304:8W+dvbXW43PB1Oquxod3aHYyxuubZoHSYxLcEKSMhWazyRQU+W0YH93zTuE2:81JXW43PN44yxuu9GJcTSMW883SYHQ9
Static task
static1
Malware Config
Targets
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1