General
-
Target
1dd1b50c5937f355aaa536945e4b2dbcfe9225fc091cbe3af934a94db01acfe3
-
Size
4.2MB
-
Sample
240420-kcg31sce57
-
MD5
a013daabe270ebe2c28541a250891db8
-
SHA1
68ab70479f15b061dc9253d8fc0d37dcb39b0891
-
SHA256
1dd1b50c5937f355aaa536945e4b2dbcfe9225fc091cbe3af934a94db01acfe3
-
SHA512
38a1b2bef6470894476b7538cd11dd67b7d75f3a904e54a574790485867f5729945b34823f0bc0a9457b3a3142a9145956ef3d11e89f39dc983dd33974b6fef5
-
SSDEEP
98304:KS8Tc81AzKVcNOUNHF6RiNP154spKvDdhObEo7QvVY0ryRAf1Tp7ORj:LEcJzF4UNHqA/dsmoVS4YAf19I
Static task
static1
Behavioral task
behavioral1
Sample
1dd1b50c5937f355aaa536945e4b2dbcfe9225fc091cbe3af934a94db01acfe3.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)