General
-
Target
a5501eb525e7f6fd6b734c1684b2003f8efe60382472575559df658c5e54975e
-
Size
4.2MB
-
Sample
240419-qm6f9aed6y
-
MD5
02827eb6bb7bed85ce569bf1b3697440
-
SHA1
7c8ef9b1fb7aa6bd25040da4fe529e48b7b118cc
-
SHA256
a5501eb525e7f6fd6b734c1684b2003f8efe60382472575559df658c5e54975e
-
SHA512
a903a0701d2d4b86bd035427b2f6247b03c665231f43862e8c9ad519f219505782ede81c4c24fe02518dfa5a6d61239f53800d30afa0246cea234ab9233dd7ab
-
SSDEEP
98304:GnK8LmfPd/8stvQd5ytt2zai81uhNveK9SmSQsZGchR1mW:l8qfPd/x65yttA81u3LZOh/b
Static task
static1
Behavioral task
behavioral1
Sample
a5501eb525e7f6fd6b734c1684b2003f8efe60382472575559df658c5e54975e.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
a5501eb525e7f6fd6b734c1684b2003f8efe60382472575559df658c5e54975e
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1