General
-
Target
173a76d961c98e4fc6957e4a2194eb7afb21ac2570e9e6e6a68ea50004309f18
-
Size
4.2MB
-
Sample
240418-hwfm7afe81
-
MD5
d2c5224a201ec30c6a131d719d418582
-
SHA1
bd9158830e67d8957d6329c250c3727f0dd080d6
-
SHA256
173a76d961c98e4fc6957e4a2194eb7afb21ac2570e9e6e6a68ea50004309f18
-
SHA512
182ab50da24d7eb0e753043bfccf6ef05a30330dec4ed404d7eaffe641d5e0e10dd0dab9e14c78225d319bb6aae41e39e357e9013fdf20a9ddd9379cc7f48b17
-
SSDEEP
98304:67V5WBlU86Tvm6P9JrD90yOgG9ATmX7qCnxtHg:q5Wq66PzD9dwAKrqCx5g
Static task
static1
Behavioral task
behavioral1
Sample
173a76d961c98e4fc6957e4a2194eb7afb21ac2570e9e6e6a68ea50004309f18.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
173a76d961c98e4fc6957e4a2194eb7afb21ac2570e9e6e6a68ea50004309f18
-
Size
4.2MB
-
MD5
d2c5224a201ec30c6a131d719d418582
-
SHA1
bd9158830e67d8957d6329c250c3727f0dd080d6
-
SHA256
173a76d961c98e4fc6957e4a2194eb7afb21ac2570e9e6e6a68ea50004309f18
-
SHA512
182ab50da24d7eb0e753043bfccf6ef05a30330dec4ed404d7eaffe641d5e0e10dd0dab9e14c78225d319bb6aae41e39e357e9013fdf20a9ddd9379cc7f48b17
-
SSDEEP
98304:67V5WBlU86Tvm6P9JrD90yOgG9ATmX7qCnxtHg:q5Wq66PzD9dwAKrqCx5g
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1