General
Target: e2693272500a1df616b321f7a98380c4453dc03110df28c7fadc6ed4a9458d7b
Size: 4.2MB
Sample: 240419-rdta1aec33
MD5: b2128cefe6a9d6678b19d9f3ad12284f
SHA1: 987e368da9ff647e8675936d20a4d1c4704839a8
SHA256: e2693272500a1df616b321f7a98380c4453dc03110df28c7fadc6ed4a9458d7b
SHA512: 3520921bb9a9054084f06799ae198ecbaf38a13fd0c476dbef8a292ce0043ede00c3cf2dc4e70c63a23368ffb50e42c45e3c283bd169391cc5e03c67890dea44
SSDEEP: 98304:Lu15A1GiNRFuKfVvdEh8/k6ld6teGU//blllQO5EUt0+BFZRUpdVYG:LaARFuKJWhQkavn//blllQdNaFDGX5
Static task: static1
Behavioral task: behavioral1
Sample: e2693272500a1df616b321f7a98380c4453dc03110df28c7fadc6ed4a9458d7b.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: e2693272500a1df616b321f7a98380c4453dc03110df28c7fadc6ed4a9458d7b
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1