General
Target: 8e4ee53cd71182eb970fd40369551b10cd230527ed680627668b1196efba6df0
Size: 4.2MB
Sample: 240420-1wpvzaba65
MD5: aa3680945e2a73553414c732478d3d03
SHA1: 7bd3b2e54e3751fe153141259d20c1d6396816f4
SHA256: 8e4ee53cd71182eb970fd40369551b10cd230527ed680627668b1196efba6df0
SHA512: 52fe232a3d772a153ff737540401c9a013f4378adf10c72c144441011d97ad1accd7a95635ce137f80eca81afc555ac7637628d13a8eaba85244cf72560ada49
SSDEEP: 98304:SB6TE4JDSTIitXqfSjBwF+v4rSSNjcdSqGUwT7RQU7OM:PTFmTI8qKjKFA4r+dAh7RQUd
Static task: static1
Behavioral task: behavioral1
Sample: 8e4ee53cd71182eb970fd40369551b10cd230527ed680627668b1196efba6df0.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)