General
-
Target
eb65adc03302d0d07c6dc793bc8ee0ceb0e134fea724fa37b1b39dfef9d93ec7
-
Size
4.2MB
-
Sample
240417-srtpcsfc3x
-
MD5
21d6332251f1e32d8a4791cd5a0933e8
-
SHA1
f59c0a18e6e156ef7756ae65daea6bf914960840
-
SHA256
eb65adc03302d0d07c6dc793bc8ee0ceb0e134fea724fa37b1b39dfef9d93ec7
-
SHA512
8328d43c35f18c1ba8737a585a04620afaae513a1fce0099c7abce8fb8cbae34afb3e1e3f30fa7981f0fc76c819140c4d5e08fd555c72e599b27adf8c6482054
-
SSDEEP
98304:cwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8QxB:nXR9tYTb7qxEbNx6NSxB
Static task
static1
Behavioral task
behavioral1
Sample
eb65adc03302d0d07c6dc793bc8ee0ceb0e134fea724fa37b1b39dfef9d93ec7.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
eb65adc03302d0d07c6dc793bc8ee0ceb0e134fea724fa37b1b39dfef9d93ec7
-
Size
4.2MB
-
MD5
21d6332251f1e32d8a4791cd5a0933e8
-
SHA1
f59c0a18e6e156ef7756ae65daea6bf914960840
-
SHA256
eb65adc03302d0d07c6dc793bc8ee0ceb0e134fea724fa37b1b39dfef9d93ec7
-
SHA512
8328d43c35f18c1ba8737a585a04620afaae513a1fce0099c7abce8fb8cbae34afb3e1e3f30fa7981f0fc76c819140c4d5e08fd555c72e599b27adf8c6482054
-
SSDEEP
98304:cwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8QxB:nXR9tYTb7qxEbNx6NSxB
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1