General
-
Target
441e7ca45ce5fbb847c7b7a3367243a21ab086167caf7a5ff5d5d521ac5517d3
-
Size
4.2MB
-
Sample
240419-ba65pach4z
-
MD5
7a4e750e25c30a1fbcb0c70b0c56dc9b
-
SHA1
f557e89cc813ad265a2b216a92b006dd8c881960
-
SHA256
441e7ca45ce5fbb847c7b7a3367243a21ab086167caf7a5ff5d5d521ac5517d3
-
SHA512
27ee50103a70bc0af5e2de8d601bdd6a897bcad6875bcb4663eb050fd4b97f6f9ad815f63986e0597065cf82eff23a9ef94de0204954fb7e9d7441fb849546ae
-
SSDEEP
98304:ieU9Bh0ZpWG7460rhxj0FMVy+9LgCbGoD1OyJCOsGUxDW88A2xBQ0r:C9j0jWE+llaMVy+90CpOuCOqDWtA2xBX
Static task
static1
Behavioral task
behavioral1
Sample
441e7ca45ce5fbb847c7b7a3367243a21ab086167caf7a5ff5d5d521ac5517d3.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
441e7ca45ce5fbb847c7b7a3367243a21ab086167caf7a5ff5d5d521ac5517d3
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
-
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
-
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1