General
-
Target
1a12b918994647e88b81a21bae6f12b12ff79f45a8c7ad9a51d71569a78c6f95
-
Size
4.1MB
-
Sample
240421-jyedksef59
-
MD5
73eccbeedaa66662e0dbebd18fcf56dd
-
SHA1
484338cf621572985fa7cd7ce6920f4793daf562
-
SHA256
1a12b918994647e88b81a21bae6f12b12ff79f45a8c7ad9a51d71569a78c6f95
-
SHA512
c83d0e3758f5d73e5789fbf504e965b85b5e6f10dd91ee5ca595fd43c15e44f75aa19e17dd902b030f8ffb332587201f26c44800a2742a3130095fbab25c2adb
-
SSDEEP
98304:b4qWg+YQzLmftPjRs7JtBhUiZv1ggcXutB8ev+3Whzrl:bWg+YEmQ7rBhUiZtgg2AB8elhzrl
Static task
static1
Behavioral task
behavioral1
Sample
1a12b918994647e88b81a21bae6f12b12ff79f45a8c7ad9a51d71569a78c6f95.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1