General
-
Target
1da2de0c9619d129aae19bd93bd7fa92266f96d0faedb75d45168113a6667a28
-
Size
4.2MB
-
Sample
240420-sy8f4acc4w
-
MD5
318c6c0101122207b139238228448d1c
-
SHA1
13ab59074eb8fac854c75a432bfdfecf0588e6f3
-
SHA256
1da2de0c9619d129aae19bd93bd7fa92266f96d0faedb75d45168113a6667a28
-
SHA512
aa0b92767595fe99a9da8e8c6bd50fab2257adfeb5355780fd7282cedd8ba0001cb79d4e07b470adfce625c491c49c7b573953634e2648f6f115878cb7bc78a1
-
SSDEEP
49152:RKOdvREmi8iTwPpeYBnAu4QJI7RESGN2UNQnUyHdr+bW0USBgrsqhT/DWSjgq2Sh:4OLEfT6eYBhfhWV+b2vbWNq2SbuhRc
Static task
static1
Behavioral task
behavioral1
Sample
1da2de0c9619d129aae19bd93bd7fa92266f96d0faedb75d45168113a6667a28.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1