General
-
Target
3591ed61eb36d0baa6c5cbb6e6bea7b5c7b03a68436a5e75ae8d0b0e11e11867
-
Size
4.2MB
-
Sample
240417-sspf2afc6t
-
MD5
ee2b6f482055fb4fd19babab73d53ada
-
SHA1
761f91a84566d0ff1aabed722ac70d84d8029c8b
-
SHA256
3591ed61eb36d0baa6c5cbb6e6bea7b5c7b03a68436a5e75ae8d0b0e11e11867
-
SHA512
5fb9e192aa8f176c2348790a1245b6ac095903f45443835cd3f8049ee76b20c30ae80c539d1eded63a311a1759a31806446abe609b4d3d30c4b9293484989fe9
-
SSDEEP
98304:UwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8QxZ:PXR9tYTb7qxEbNx6NSxZ
Static task
static1
Behavioral task
behavioral1
Sample
3591ed61eb36d0baa6c5cbb6e6bea7b5c7b03a68436a5e75ae8d0b0e11e11867.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)