General
Target: 21cb1875f4071f277658fc6b8bd7b5dcc41b64a33bf8910822a048e9886a137e
Size: 4.2MB
Sample: 240419-rceq8aeb78
MD5: 5ad0fb4cba53537bd47e9b5fdc77cc62
SHA1: fde04bd35efc95772b636c5b271bc57b62347e09
SHA256: 21cb1875f4071f277658fc6b8bd7b5dcc41b64a33bf8910822a048e9886a137e
SHA512: 92bf0e5eb92395851a7f0eecdd3484dd053e391eb098b66ac8839f74851c9737f21c1d33e4d9f173b9fe963e7e4578228c91a9cbd56033d35fc3bf1703c84622
SSDEEP: 98304:Du15A1GiNRFuKfVvdEh8/k6ld6teGU//blllQO5EUt0+BFZRUpdVYt:DaARFuKJWhQkavn//blllQdNaFDGXC
Static task: static1
Behavioral task: behavioral1
Sample: 21cb1875f4071f277658fc6b8bd7b5dcc41b64a33bf8910822a048e9886a137e.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
  Scheduled Task/Job: 1