General
-
Target
88214f514b12634eb3b8e8077b179d09b446bf8d04d237725e4d02c7315a0212
-
Size
4.2MB
-
Sample
240420-skhzaabc49
-
MD5
807fe23eefb0a1b66693e2de0496f558
-
SHA1
5d97ad419f2be745739d9e0ee01766de9d04abb9
-
SHA256
88214f514b12634eb3b8e8077b179d09b446bf8d04d237725e4d02c7315a0212
-
SHA512
ab7843a59f6b94d4f3c986f5f22f428efde84013d05f4160b5fbbda0f165af62cae336684f2bf81b39e2b7ff12356c03da60edb32dce5dbd9255dcde38bf7b95
-
SSDEEP
49152:5KOdvREmi8iTwPpeYBnAu4QJI7RESGN2UNQnUyHdr+bW0USBgrsqhT/DWSjgq2S/:wOLEfT6eYBhfhWV+b2vbWNq2SbuhRC
Static task
static1
Behavioral task
behavioral1
Sample
88214f514b12634eb3b8e8077b179d09b446bf8d04d237725e4d02c7315a0212.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
88214f514b12634eb3b8e8077b179d09b446bf8d04d237725e4d02c7315a0212
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1