General
Target: 9081398a990fb75a2403e4f0505ff43af449b583ca475437e5df96133e14ee74
Size: 4.2MB
Sample: 240419-2q4ydahe93
MD5: d398a1c04a71930d55f658d91df62231
SHA1: cf352b452571a5f50cd2e65c97a0824f89ac6276
SHA256: 9081398a990fb75a2403e4f0505ff43af449b583ca475437e5df96133e14ee74
SHA512: a3fe05c5dabd3d26532c232062281f38b6965615ed5914310ebdb3ccd72aa2693bd4ed7dfd6bea3bb34a2db0016830edc2b7329aa2f0437e25574f3c2cf6d763
SSDEEP: 98304:f/40EOOAEftLoGWLNDgTXMgGOTrFzBqlMJaGItfG9:XdVQtLoTZDg5GO9BqlcV
Static task: static1
Behavioral task: behavioral1
Sample: 9081398a990fb75a2403e4f0505ff43af449b583ca475437e5df96133e14ee74.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process: 1
- Windows Service: 1
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Scheduled Task/Job: 1
Privilege Escalation
- Create or Modify System Process: 1
- Windows Service: 1
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Scheduled Task/Job: 1