General
-
Target
895983765d136f67c5f3916f8b4f0024e475a247926a980d29f73e9180bc4971
-
Size
4.2MB
-
Sample
240420-kceynace55
-
MD5
4adf4fe1695ef3f7c22fceb960bb7d95
-
SHA1
d8418800c03b12565849c2d743a8959f60fb2c3c
-
SHA256
895983765d136f67c5f3916f8b4f0024e475a247926a980d29f73e9180bc4971
-
SHA512
767e8712b1654f60665d205f5971c5f90b731a76d9c7bd3becaed4af4df05a246cc85c8bfdfe064be307d992c667afd2637291f464a00442daa43913290181fe
-
SSDEEP
98304:iS8Tc81AzKVcNOUNHF6RiNP154spKvDdhObEo7QvVY0ryRAf1Tp7ORO:TEcJzF4UNHqA/dsmoVS4YAf195
Static task
static1
Behavioral task
behavioral1
Sample
895983765d136f67c5f3916f8b4f0024e475a247926a980d29f73e9180bc4971.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
895983765d136f67c5f3916f8b4f0024e475a247926a980d29f73e9180bc4971
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)