General
-
Target
26f72f6c1006db52868801b6d640add7c8e33c6c619be692f3ba4ca7886d7235
-
Size
4.2MB
-
Sample
240417-p41fwshe6t
-
MD5
519eaf44400ae8e6d1446b5f17c23cbe
-
SHA1
7b84cd04b2245035afccbe7b9e772ad9a41e3874
-
SHA256
26f72f6c1006db52868801b6d640add7c8e33c6c619be692f3ba4ca7886d7235
-
SHA512
d3ca833f20303cc6287dbb014b45d70bf8043b4a6913cf8b7d69dccd0b299edbf2d6a47582966c2f8094e0e39822f4596c17f0f60804b7f369dfbba3dbafa5ba
-
SSDEEP
98304:XwgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxbliX:IPIhkJiF6OSCTez0RwjGiZklc
Static task
static1
Behavioral task
behavioral1
Sample
26f72f6c1006db52868801b6d640add7c8e33c6c619be692f3ba4ca7886d7235.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
26f72f6c1006db52868801b6d640add7c8e33c6c619be692f3ba4ca7886d7235
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)