General
-
Target
c75db5c014523140eeb698c796a8c3a487d0d7663ba7f6b57852e7c91279ae01
-
Size
4.2MB
-
Sample
240419-yn56waea23
-
MD5
0e60b72dceb55ccfa12d839bb9cc8399
-
SHA1
eeae1a5b7f486f8870268bfec9fab1971c06048b
-
SHA256
c75db5c014523140eeb698c796a8c3a487d0d7663ba7f6b57852e7c91279ae01
-
SHA512
f305d1001481898bd7567657e4fb4741c5ee1c5bc5b6594ce0b6975e6e6f21fc576601751f8858617e7a1f5b237ecde96bf946c819ff4ba01ec4b1ce847c1af1
-
SSDEEP
98304:x00QK3N3Jc8wpX9Ml+P+WnP01raAvqFLRTemOJzdkXGv:DpJcNpX++PyaASVpB6ka
Static task
static1
Behavioral task
behavioral1
Sample
c75db5c014523140eeb698c796a8c3a487d0d7663ba7f6b57852e7c91279ae01.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Target
c75db5c014523140eeb698c796a8c3a487d0d7663ba7f6b57852e7c91279ae01
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)