General
-
Target
ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f
-
Size
4.2MB
-
Sample
240419-xt1ynsdg2v
-
MD5
5311a52bcdf3090e008cf1037b16dcfb
-
SHA1
ea62b83066547331b96b6d43330ab31e4a0a346b
-
SHA256
ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f
-
SHA512
1000390bc85496f6c4b72802c5220a64e0b08dc137b6cfc231b9439b2cef6396adb2de451b77482f56a4982986e29c35c92e6eadd6c93274428e53df7141d3ef
-
SSDEEP
98304:BqrB5wn4OMCZOc7+DuxcvwRwKkZb9A25YIHnzSUGXdTRu1L6e:uBo4d4+DucuGBGNT0Lb
Static task
static1
Behavioral task
behavioral1
Sample
ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)