General
-
Target
79d71f5011d81eb329542ee10bf51d18bcfa8cdb423150903666e9c47dc75579
-
Size
4.2MB
-
Sample
240419-q2aywseh2v
-
MD5
20b4273768e2a8014af517034a75f2ff
-
SHA1
294d2f53995fc41d3bb895a30c75166e74684dd5
-
SHA256
79d71f5011d81eb329542ee10bf51d18bcfa8cdb423150903666e9c47dc75579
-
SHA512
ac133a8c8d326ee135b6d10f06ce3300d35f9049a9aae5912729682eb2e9350c0ae020fe6aa73a23bdf69e0b134e8d3a32d27749e1f6b60240e9a30fee4f3d84
-
SSDEEP
98304:mnK8LmfPd/8stvQd5ytt2zai81uhNveK9SmSQsZGchR1mo:F8qfPd/x65yttA81u3LZOh/F
Static task
static1
Behavioral task
behavioral1
Sample
79d71f5011d81eb329542ee10bf51d18bcfa8cdb423150903666e9c47dc75579.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Target
79d71f5011d81eb329542ee10bf51d18bcfa8cdb423150903666e9c47dc75579
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)