General
-
Target
e41e0a6eea816c1871c7b50ccdcf4e94ece6795d5e9dfd2d58294a84f2131173
-
Size
4.2MB
-
Sample
240420-ny9xpsge8s
-
MD5
3ce7c9e525dde1ad1ea7674817812fd0
-
SHA1
d0aa52508bfbe1a464fc3a2309a78fa61f8cd1d4
-
SHA256
e41e0a6eea816c1871c7b50ccdcf4e94ece6795d5e9dfd2d58294a84f2131173
-
SHA512
f62b5efe6d122947390c7da322dd26f060d8cf6ffe65bdc95f742dc601a9dca59eb3981280af59eb2e02e9efd8e9d74d06be02d1141e08dc7a302e1ae9e20bd2
-
SSDEEP
98304:SExeyMsyixS5pRc4vIUtzCuveHCg7xBa+u+nRe:SMby0Sruak17xwL
Static task
static1
Behavioral task
behavioral1
Sample
e41e0a6eea816c1871c7b50ccdcf4e94ece6795d5e9dfd2d58294a84f2131173.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process 1
Windows Service 1
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Scheduled Task/Job 1
Privilege Escalation
Create or Modify System Process 1
Windows Service 1
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Scheduled Task/Job 1