General
-
Target
c8f6bd4c685a93048672d92f9057d5d535ea2d3db45a3ef480fec3b70b0a3b97
-
Size
4.2MB
-
Sample
240419-x5qxvaea71
-
MD5
a7c99d11e0a3f11864ee6b71bf2f4b08
-
SHA1
c50f1b9ddaa06a55e0d6abba687d77a482bb2408
-
SHA256
c8f6bd4c685a93048672d92f9057d5d535ea2d3db45a3ef480fec3b70b0a3b97
-
SHA512
84bfb379a80980fb909b59a4e3a24e922b6d93647f61c77794e5ab09e1d6fcd95f70abf0e9f804742146f3176413aae54267c9bdf52023ab4c548a234c9fea60
-
SSDEEP
98304:TtwUIgr6Tu/hivXD0fl0IvZVjhgp1+mYFjvUcmYnimsjZaHeF:Rw6rquKXDtU1Y2GYniVjUHw
Static task
static1
Behavioral task
behavioral1
Sample
c8f6bd4c685a93048672d92f9057d5d535ea2d3db45a3ef480fec3b70b0a3b97.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1