General
-
Target
d91387a8de986d00f0bca89d05caedcd1fbe29d4b1113e8246ac44379bc36c5c
-
Size
4.2MB
-
Sample
240420-kbge4ace28
-
MD5
03473e486d365cd3dc340a0d1a25201b
-
SHA1
ed7cf144630f13bcf70a8df7dd1a109a7b39006a
-
SHA256
d91387a8de986d00f0bca89d05caedcd1fbe29d4b1113e8246ac44379bc36c5c
-
SHA512
82c7547490959f556183d1d4df162e4eb143c7759b8ddbd4532a198125491315b7d63aba35bcbcb12c6d23a6eaf3ff6e6b5e74a48ea088a9fff77ea928fbc07b
-
SSDEEP
98304:yS8Tc81AzKVcNOUNHF6RiNP154spKvDdhObEo7QvVY0ryRAf1Tp7OR/:jEcJzF4UNHqA/dsmoVS4YAf19o
Static task
static1
Behavioral task
behavioral1
Sample
d91387a8de986d00f0bca89d05caedcd1fbe29d4b1113e8246ac44379bc36c5c.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1