General
-
Target
d4554f3c02c4f16ad7299d79e4465adc0ea82e537c7340249f943ae7a5ab66d3
-
Size
4.2MB
-
Sample
240417-sln7pafa7t
-
MD5
2412f824274833524d61b885b830e9a8
-
SHA1
ab754d77de4ddaec1f87f18293972868477fa247
-
SHA256
d4554f3c02c4f16ad7299d79e4465adc0ea82e537c7340249f943ae7a5ab66d3
-
SHA512
fb978c3fa80f9f1c0933512dffc3d964e2f0a92a22ac4e67688ec9b9c21d014472de19d9841240c5a08d36176091ca7c71c457dba7b4c7b20f159edcc123d0ea
-
SSDEEP
49152:zMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPi+:wHFCy0PUDbdaR/a+iGqhn/GsxbuoA+
Static task
static1
Behavioral task
behavioral1
Sample
d4554f3c02c4f16ad7299d79e4465adc0ea82e537c7340249f943ae7a5ab66d3.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Target
d4554f3c02c4f16ad7299d79e4465adc0ea82e537c7340249f943ae7a5ab66d3
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)