General
-
Target
8326a02c882a5bad22365bf6e1da789ea8f140df415cfb7966123d5ace4373cf
-
Size
4.2MB
-
Sample
240420-zdc8sahc99
-
MD5
a77d44a39e0440b2213ab71f6bed30e3
-
SHA1
be15d762b23fafaf53fad87b811caf38214cfb47
-
SHA256
8326a02c882a5bad22365bf6e1da789ea8f140df415cfb7966123d5ace4373cf
-
SHA512
b11f578a5f332d11695cc23f9bcdd3e5269a87d97e9377fdac0522e5fd5bca62a6869c9e280c8c74a9feda6dfb35421e676fa35450f81aa3a5179e13e84cb7b3
-
SSDEEP
98304:bVFRqPMdPA984H0WMAw6acMgLNchhd+W2lPIIo31xn1vrLR/3Lz8:hFYkS+E0uawLNQ+/9Bo7/s
Static task
static1
Behavioral task
behavioral1
Sample
8326a02c882a5bad22365bf6e1da789ea8f140df415cfb7966123d5ace4373cf.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)