General
-
Target
e19208f37c7d50fdb9b827f83743046d596729a455aa89aa7fdba905bfb3da6e
-
Size
4.1MB
-
Sample
240421-qadwgaca72
-
MD5
93b5dda99b61d9580afcd0639eed7c68
-
SHA1
7030f7f61b35c7a08b7b5d183797b1d603cad6b9
-
SHA256
e19208f37c7d50fdb9b827f83743046d596729a455aa89aa7fdba905bfb3da6e
-
SHA512
ba38e94064cf6fb74a45d30bc0e65d94a39a994735d02e94090b60d48d304388eec89d9aab0c70dbc973437e4ba22709b619d49d9569d5f1ec1605da319d808c
-
SSDEEP
98304:4upp3WUkLaIVxVQ5Lfi8+DAGSBgUwbhlmIRT0sLJ5s:V24wrgi8oddlbe
Static task
static1
Behavioral task
behavioral1
Sample
e19208f37c7d50fdb9b827f83743046d596729a455aa89aa7fdba905bfb3da6e.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)