General
- Target: 9def6252c671b2b091a644f7411687d35a7c0b2d9f0dc4c69937fa4c73e0ae35
- Size: 4.2MB
- Sample: 240417-sqya6afb9x
- MD5: 69c259c2a6535edf3e3e69438cd42a33
- SHA1: ad30360c0411c6348a76d1ddfe627e07e6fbd414
- SHA256: 9def6252c671b2b091a644f7411687d35a7c0b2d9f0dc4c69937fa4c73e0ae35
- SHA512: eff9b21500690d7bb9e3478bd2637c965a29e948dc28bf958388a6e2d1b77503e8543a7e2ea704285299c2ab8921d62f529222866d2723e11ec51228a678529e
- SSDEEP: 98304:UwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8Qxu:PXR9tYTb7qxEbNx6NSxu
Static task: static1
Behavioral task: behavioral1
- Sample: 9def6252c671b2b091a644f7411687d35a7c0b2d9f0dc4c69937fa4c73e0ae35.exe
- Resource: win10v2004-20240412-en
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution
- Registry Run Keys / Startup Folder
- Create or Modify System Process
- Windows Service
- Scheduled Task/Job
Privilege Escalation
- Boot or Logon Autostart Execution
- Registry Run Keys / Startup Folder
- Create or Modify System Process
- Windows Service
- Scheduled Task/Job