General
-
Target
11d88e0ce0643507a8cbca495776c01645c9a38f6d3ebcee8750f33e6a41294c
-
Size
4.1MB
-
Sample
240421-jy4ngaef68
-
MD5
598c6f8e8a6b3391aa044b78a9e91243
-
SHA1
fe480e86103696fac26adac753c1e459672a8ebb
-
SHA256
11d88e0ce0643507a8cbca495776c01645c9a38f6d3ebcee8750f33e6a41294c
-
SHA512
4690d38301ac6f63b3bd88a49699e1ab4d33c4d4465de4b492d0a480cc2d5d4b42a04932488f9b6daf2186ba49adbf00a88b20485d12093a19644780f1739ec5
-
SSDEEP
98304:74qWg+YQzLmftPjRs7JtBhUiZv1ggcXutB8ev+3Whzrj:7Wg+YEmQ7rBhUiZtgg2AB8elhzrj
Static task
static1
Behavioral task
behavioral1
Sample
11d88e0ce0643507a8cbca495776c01645c9a38f6d3ebcee8750f33e6a41294c.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
11d88e0ce0643507a8cbca495776c01645c9a38f6d3ebcee8750f33e6a41294c
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1