General
-
Target
e3b7410f25d23aa9fd638e0dbe56ef735151d8b47f13ab2f0cb173943c182b05
-
Size
4.2MB
-
Sample
240419-wnnwgscc2y
-
MD5
1d213c7a8ede391edda993d04596fabc
-
SHA1
ad1db6c10cc4d965304f82e67e06e3ac76968a8a
-
SHA256
e3b7410f25d23aa9fd638e0dbe56ef735151d8b47f13ab2f0cb173943c182b05
-
SHA512
ae3102df6674be740c85d435f3a33e42f9ffc28e9bdcd7cdfe6ab8665f2b18861bc4a09dd365c3effc1fcceb554e37bde8eedf798806d4962168dd595c51b97c
-
SSDEEP
98304:1By5JAu+Hk0Et5Mgg8VWlfA2+5+VVv7Fm6fCg:uAu+ENnjVyYiVNw4N
Static task
static1
Behavioral task
behavioral1
Sample
e3b7410f25d23aa9fd638e0dbe56ef735151d8b47f13ab2f0cb173943c182b05.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1