General
-
Target
f682e317ca6222a8206b6813e8169db0358c281f1ac370f0063855f360728cb8
-
Size
4.2MB
-
Sample
240419-2nj57ahe29
-
MD5
5bd514d6768423d96321a50b5e8c1435
-
SHA1
60f2313170763bc7d8ac5e3efe9176d7c19e3fcc
-
SHA256
f682e317ca6222a8206b6813e8169db0358c281f1ac370f0063855f360728cb8
-
SHA512
db54d99280a326f4a6f4966c4e16c5bfc607fb3aa38025abd24db1337ea53db10047e3b669bdd9319b09d51236f805af90d0bde44e4f98828c87c8492f97a577
-
SSDEEP
98304:P/40EOOAEftLoGWLNDgTXMgGOTrFzBqlMJaGItfGo:HdVQtLoTZDg5GO9Bqlcg
Static task
static1
Behavioral task
behavioral1
Sample
f682e317ca6222a8206b6813e8169db0358c281f1ac370f0063855f360728cb8.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)