General
Target: 507a01906df7c9cf71d42e74d3ae5c051705f4c373aaddc3d2f2d360749dec8f
Size: 4.2MB
Sample: 240417-275w1ahc28
MD5: 5fef6298956316651c78a1c4f0a64b69
SHA1: 73d4af5ebdb890e83fdeb50bf8e4c5c82d3521a3
SHA256: 507a01906df7c9cf71d42e74d3ae5c051705f4c373aaddc3d2f2d360749dec8f
SHA512: 4c91d0cfb6307c0b318f1899de74d211dff47351ae06a56fac8ae1f39b5b8fccdc615f8e9e7c74203030ddcfd40ca98c1fe156e9a4843a242bbed28ac537c072
SSDEEP: 98304:9uj+q6TJ4wJXu5ZJ1j+7xTB8ercClYoKJ32fC3NV26E3wqtOnXcGdwYxxx:Aj+FTuwJ2ZmxTB8FOXbwqtOnFmYxx
Static task: static1
Behavioral task: behavioral1
Sample: 507a01906df7c9cf71d42e74d3ae5c051705f4c373aaddc3d2f2d360749dec8f.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: 507a01906df7c9cf71d42e74d3ae5c051705f4c373aaddc3d2f2d360749dec8f
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
  Scheduled Task/Job: 1