General
-
Target
357ec866e92ba8335bac81c317eba879eb5c8f9b7f0fe9965fd6badd7e939c5e
-
Size
4.2MB
-
Sample
240417-spvhwafb5x
-
MD5
442557b16ef520b4da1275f14f562a6d
-
SHA1
c3156a7e6758711895c4391b177f548203a3475d
-
SHA256
357ec866e92ba8335bac81c317eba879eb5c8f9b7f0fe9965fd6badd7e939c5e
-
SHA512
36f880b1e0c799f19a3c729e1c46da67f5c7b1e7db28facb38de1e5454d712cec2b80f2bbf202e7d7df954cbe575eb28e496f37f3d99a1011ee7d0bab43b6f67
-
SSDEEP
98304:MwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8QxQ:3XR9tYTb7qxEbNx6NSxQ
Static task
static1
Behavioral task
behavioral1
Sample
357ec866e92ba8335bac81c317eba879eb5c8f9b7f0fe9965fd6badd7e939c5e.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
357ec866e92ba8335bac81c317eba879eb5c8f9b7f0fe9965fd6badd7e939c5e
-
Size
4.2MB
-
MD5
442557b16ef520b4da1275f14f562a6d
-
SHA1
c3156a7e6758711895c4391b177f548203a3475d
-
SHA256
357ec866e92ba8335bac81c317eba879eb5c8f9b7f0fe9965fd6badd7e939c5e
-
SHA512
36f880b1e0c799f19a3c729e1c46da67f5c7b1e7db28facb38de1e5454d712cec2b80f2bbf202e7d7df954cbe575eb28e496f37f3d99a1011ee7d0bab43b6f67
-
SSDEEP
98304:MwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8QxQ:3XR9tYTb7qxEbNx6NSxQ
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1