General
Target: 843b947c53c5c2af2469d0ca781468870c0064b2225b4fdecc11e6cc24951ec8
Size: 4.2MB
Sample: 240419-yszjwseh41
MD5: 1c55bf2921a2794845b046dd317ab941
SHA1: 558f6c725d67c19fd115e181d558a61deb5e62c3
SHA256: 843b947c53c5c2af2469d0ca781468870c0064b2225b4fdecc11e6cc24951ec8
SHA512: aa72e9ae7b77994b42f7d82eee00ca1bbfb8522597bd226c4cee3438d904fb673b6e89348e366e5a86aa452dad38d1f5b64a14bbda01f5fdb1c7459d0825746b
SSDEEP: 98304:p00QK3N3Jc8wpX9Ml+P+WnP01raAvqFLRTemOJzdkXGp:rpJcNpX++PyaASVpB6k4
Static task: static1
Behavioral task: behavioral1
Sample: 843b947c53c5c2af2469d0ca781468870c0064b2225b4fdecc11e6cc24951ec8.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
-
-
Target
843b947c53c5c2af2469d0ca781468870c0064b2225b4fdecc11e6cc24951ec8
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1