General
Target: 587a31895fca4e9896d0d9eae111008fc2a95868737264d41076fc290b880da8
Size: 4.2MB
Sample: 240419-rcy5vseb89
MD5: 1464a85c07151d5c6a8d2df2e0d77234
SHA1: 00541aea9d9cc6dbb41516d5950a5e977f8d693b
SHA256: 587a31895fca4e9896d0d9eae111008fc2a95868737264d41076fc290b880da8
SHA512: 588800de348f85980a2193b9d02539fdb62c4f1b09358d46fe925698504a475f7c37b946eb9ea874aedb9fde56c884822d134404b3c22f8690f6428499a01ff8
SSDEEP: 98304:Du15A1GiNRFuKfVvdEh8/k6ld6teGU//blllQO5EUt0+BFZRUpdVY+:DaARFuKJWhQkavn//blllQdNaFDGX5
Static task: static1
Behavioral task: behavioral1
Sample: 587a31895fca4e9896d0d9eae111008fc2a95868737264d41076fc290b880da8.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: 587a31895fca4e9896d0d9eae111008fc2a95868737264d41076fc290b880da8
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)