General
-
Target
f1e43ae4574ddc6a5f99dfb1d4e8df6abbabc0022eb12195b20cbb96f52a30d0
-
Size
4.2MB
-
Sample
240419-ysrjaaea95
-
MD5
922ea5152ba31e939f923f84381e5471
-
SHA1
4eff6dc0c7104a9769db045bdc94ba24be7f6894
-
SHA256
f1e43ae4574ddc6a5f99dfb1d4e8df6abbabc0022eb12195b20cbb96f52a30d0
-
SHA512
aeeb3d82bcdba8c9f94cfcf5599a8b278bee13c3e34d99dec279946316d157164128f902659220c453e2c723d3c57bd64c0287cc7c7f368591bff797a22b0b1a
-
SSDEEP
98304:J00QK3N3Jc8wpX9Ml+P+WnP01raAvqFLRTemOJzdkXGK:LpJcNpX++PyaASVpB6kv
Static task
static1
Behavioral task
behavioral1
Sample
f1e43ae4574ddc6a5f99dfb1d4e8df6abbabc0022eb12195b20cbb96f52a30d0.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1