General
-
Target
e7a643db5b4e6bb6711e1aeebeffb0a495ca4528542adf2a7acb6b7fa1c55761
-
Size
4.2MB
-
Sample
240419-apgmxacb5w
-
MD5
29d035656442b487adc8d34b22709cf2
-
SHA1
ea7eff1b4c5d2a3c69ef36ec2788e11026c85ee0
-
SHA256
e7a643db5b4e6bb6711e1aeebeffb0a495ca4528542adf2a7acb6b7fa1c55761
-
SHA512
59a1742041376f10242295483ca53d7465d83cc991a10dfee6d1151e346a657b0bddaf9a8973e5622244d542ebbae05cc19ceb3a94e1df77919b3abe3c62c1d9
-
SSDEEP
98304:+bvDuo/zvoC5HERRwr8YNEXJ0TS4JBXxT3BRfe7gLCxccCwfp3PGPzDBAeGjYAT:+nBoCproYNEXJ0O+Xpe7jrRPGnBARjfT
Static task
static1
Behavioral task
behavioral1
Sample
e7a643db5b4e6bb6711e1aeebeffb0a495ca4528542adf2a7acb6b7fa1c55761.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)