General
-
Target
54c47e636ec2bedd8fedf152f7cd19e67618d1ec4c6c9844fa7763440b0d7d7b
-
Size
4.2MB
-
Sample
240420-tm7wvscc92
-
MD5
31c124baab7f10fa38cd9eebf5459344
-
SHA1
8b8df64d1ce005ae36283c21ba968c9b0234736e
-
SHA256
54c47e636ec2bedd8fedf152f7cd19e67618d1ec4c6c9844fa7763440b0d7d7b
-
SHA512
868ebd6d349b6bd437570ae96accf3f5ee9b6657f77d2ed620547f7ac1abd26635c96b7fde0a8cf07d28c248902098a5a014b2ffd1f556589981258f1d594259
-
SSDEEP
49152:Ar1oHj0tlV0f9s8MWzX04BUpcYbKwdRAyQZQ93cNVdRbmMzimZc5ZnjMAqqwRi8e:ABcwtA9b44emOBqNRUORBLE4Ajzd
Static task
static1
Behavioral task
behavioral1
Sample
54c47e636ec2bedd8fedf152f7cd19e67618d1ec4c6c9844fa7763440b0d7d7b.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)