General
Target: 75018068a037b50c538391b39640ec8efd7ecc2b5912498a568f6a3d0d2701d5
Size: 4.2MB
Sample: 240418-hwwpeafe91
MD5: cf7ed62bf7d79b90b4c76553343a304e
SHA1: 3b2d1140697c73509f65a1c1d69e4c7e59f2d9d2
SHA256: 75018068a037b50c538391b39640ec8efd7ecc2b5912498a568f6a3d0d2701d5
SHA512: b06075a384142490fae7ad69a6e44a92c0c282cf67a42bb9d9fe935639721fc9f97a8caf07a372f3ca1aae0d820c13d2d8df542562b5649c7b1a5877e130f87e
SSDEEP: 98304:C7V5WBlU86Tvm6P9JrD90yOgG9ATmX7qCnxtHj:C5Wq66PzD9dwAKrqCx5j
Static task: static1
Behavioral task: behavioral1
Sample: 75018068a037b50c538391b39640ec8efd7ecc2b5912498a568f6a3d0d2701d5.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)