General
Target: 0046c9296b5f7e5a908a3d7304fff977187c02f4d85a9bf772ee3303a7794792
Size: 4.1MB
Sample: 231013-qcqytabh47
MD5: d244fb085676161505d33e4ea7fada5a
SHA1: f70916e054317334ce967986245d55d5acbca688
SHA256: 0046c9296b5f7e5a908a3d7304fff977187c02f4d85a9bf772ee3303a7794792
SHA512: e75cff3fe66b593c3f063ebf014ef32f71d2288642133f2683fe7b3a06e532e88d92cb226d1cca725180eaf1edb523529f80d3f2baad1c931228e0400bbfd394
SSDEEP: 98304:3lhp/+MAY8LSBetbsJnYPJay0ram2uVyHV/vsKO4IVa8TY/jpHwrK:3lT/+M2+BeVsJYPms9vsd3Va8M/jpv
Static task
static1
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)