General
-
Target
3c117306f10caded888705ff4e1d9b1a6023e1799724762e93f48c1c84fea503
-
Size
4.2MB
-
Sample
240419-xzqpwsdb32
-
MD5
7e248f25f0af33ccd8993bd7f5c4a121
-
SHA1
c4cdb88b61822c245445e680d2369a9b5417cab8
-
SHA256
3c117306f10caded888705ff4e1d9b1a6023e1799724762e93f48c1c84fea503
-
SHA512
3d85d9cf79dce74e75a712fe2ae781a7859c380485d5c60f5a8de8f9e26639e5a8e66f6462f4effb7c2d6441668a6e7c03122f4275db3e931a8949891e55e7dc
-
SSDEEP
98304:TtwUIgr6Tu/hivXD0fl0IvZVjhgp1+mYFjvUcmYnimsjZaHe9:Rw6rquKXDtU1Y2GYniVjUHI
Static task
static1
Behavioral task
behavioral1
Sample
3c117306f10caded888705ff4e1d9b1a6023e1799724762e93f48c1c84fea503.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
  Windows Service: 1
  Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Create or Modify System Process: 1
  Windows Service: 1
  Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1