General
-
Target
98e834844596c0eea2d4f685313201c06fc9205235ccd66298148af82b211e85
-
Size
4.2MB
-
Sample
240417-qcr6waab31
-
MD5
0549d0f6053f8bfea993938568e57da4
-
SHA1
91f871d30fae3527840438b6f4979eb12fd83d10
-
SHA256
98e834844596c0eea2d4f685313201c06fc9205235ccd66298148af82b211e85
-
SHA512
71f166402c809d2f5e6190d0472e9227eaa27f147f4af6497594cc23abb69624a6ae3a0c5991b1ae9ffb323a86420aef35c97c2ec1a97cfd8e7023e853a08a0b
-
SSDEEP
98304:HwgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxbliz:YPIhkJiF6OSCTez0RwjGiZklo
Static task
static1
Behavioral task
behavioral1
Sample
98e834844596c0eea2d4f685313201c06fc9205235ccd66298148af82b211e85.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
98e834844596c0eea2d4f685313201c06fc9205235ccd66298148af82b211e85
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)