General
-
Target
902a6a0c34e783fc02eaa4a0e0ebd8706caf63957ad33f164cf612ce49657bd9
-
Size
4.1MB
-
Sample
240421-j3912sfb7x
-
MD5
a61b5cf4ae801b132bc2629271b6b509
-
SHA1
dc4540034a0ef389711c080ebf359ea458a36cd1
-
SHA256
902a6a0c34e783fc02eaa4a0e0ebd8706caf63957ad33f164cf612ce49657bd9
-
SHA512
4f9658f1a7e2714c2c5d904a490c1e14cd37c3a4acd2b32aef906d912fd80bbfa1ce226f15d1dd923d4f52abdb023b583e1fc0a33acbe4f6d22f68277f57e542
-
SSDEEP
98304:74qWg+YQzLmftPjRs7JtBhUiZv1ggcXutB8ev+3Whzr8:7Wg+YEmQ7rBhUiZtgg2AB8elhzr8
Static task
static1
Behavioral task
behavioral1
Sample
902a6a0c34e783fc02eaa4a0e0ebd8706caf63957ad33f164cf612ce49657bd9.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
902a6a0c34e783fc02eaa4a0e0ebd8706caf63957ad33f164cf612ce49657bd9
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1