General
-
Target
9fd43e821a981a598e7e9911b8f38f6e87d05dedb1b8648faff7e570c692f066
-
Size
4.2MB
-
Sample
240418-lqxajaag4v
-
MD5
a06d2c64fccacac9277da9f8138c8350
-
SHA1
32e0bfbfac0341ccd64300803712472394ae903e
-
SHA256
9fd43e821a981a598e7e9911b8f38f6e87d05dedb1b8648faff7e570c692f066
-
SHA512
87d97c235f9683bc83899b9ff44b00e2ea3d4ee34efa17765ce7d2c3c5d96982c5d559f06922200993b9f9a2171b41ef7ebb1cc9220ec9eba29a58aaff9ff8ad
-
SSDEEP
98304:8CPl518CIueKP5d7oVK7H7yJZnHQCD3+yubJ0gajSS:p518Ue6qZnwCDRsJZVS
Static task
static1
Behavioral task
behavioral1
Sample
9fd43e821a981a598e7e9911b8f38f6e87d05dedb1b8648faff7e570c692f066.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1