General
-
Target
c29a4896c6025a67b3a80cbd542c854f35773b921c0f1c617d8096e1b9b03719
-
Size
4.2MB
-
Sample
240417-243mgahb37
-
MD5
1a7f17f2489252c3b74e6489d114e7d2
-
SHA1
c33e19a3650b5871d8db9b9386c7e331f4757e5c
-
SHA256
c29a4896c6025a67b3a80cbd542c854f35773b921c0f1c617d8096e1b9b03719
-
SHA512
7554e55af2d0e9014be12f0a64db24485789a499fa18267815c79da148128fbd146dbe61b991fe2bcd425e515bcc8e3d38e8a375f78e766285d678a2be93d544
-
SSDEEP
98304:luj+q6TJ4wJXu5ZJ1j+7xTB8ercClYoKJ32fC3NV26E3wqtOnXcGdwYxxQ:Yj+FTuwJ2ZmxTB8FOXbwqtOnFmYxQ
Static task
static1
Behavioral task
behavioral1
Sample
c29a4896c6025a67b3a80cbd542c854f35773b921c0f1c617d8096e1b9b03719.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)