General
Target: 9757a1dc535ba6d3d0bb4066a7f64f231bfdfe63c0586ce2c574dd083e353d1b
Size: 4.2MB
Sample: 240420-z8s8gsac58
MD5: 25af9b4a4899d341dcc086e593c29ada
SHA1: 11f4cc97ce08cfbed7655abbbb95a37a718acdab
SHA256: 9757a1dc535ba6d3d0bb4066a7f64f231bfdfe63c0586ce2c574dd083e353d1b
SHA512: 84902e791204d5fba7c71ca59a5463b2de2d201fa1ab575b6c9716681a5f50a88f6f750520e167bb87f26abd23a127c8526e08786ad429324c8aca795b178dba
SSDEEP: 98304:qB6TE4JDSTIitXqfSjBwF+v4rSSNjcdSqGUwT7RQU7ON:3TFmTI8qKjKFA4r+dAh7RQUI
Static task: static1
Behavioral task: behavioral1
Sample: 9757a1dc535ba6d3d0bb4066a7f64f231bfdfe63c0586ce2c574dd083e353d1b.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1