General
-
Target
255881d91feaa39f880abfa0eb21a4887114717ea8227e9936b4d6e0fdf44e5c
-
Size
4.1MB
-
Sample
240421-twmx2sfa43
-
MD5
29b8d9b05d7d9c0128afc77efb7d7d64
-
SHA1
85d59cb3c7af73f00ac427e964ae0c8ace60e58d
-
SHA256
255881d91feaa39f880abfa0eb21a4887114717ea8227e9936b4d6e0fdf44e5c
-
SHA512
4095ede2480565a61dfdae7481816c3bb8f5b3e966d132576156e31be2ef89451d4628c34ba36381225ec14fa233aa020a058fc37a27d220de68558e95e02bdf
-
SSDEEP
98304:8wAze/FNZMWTI4IerOgms7GjcZA7/RTa+EmUQAtw:+S/DzMv1si4yTElQZ
Static task
static1
Behavioral task
behavioral1
Sample
255881d91feaa39f880abfa0eb21a4887114717ea8227e9936b4d6e0fdf44e5c.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
255881d91feaa39f880abfa0eb21a4887114717ea8227e9936b4d6e0fdf44e5c
-
Size
4.1MB
-
MD5
29b8d9b05d7d9c0128afc77efb7d7d64
-
SHA1
85d59cb3c7af73f00ac427e964ae0c8ace60e58d
-
SHA256
255881d91feaa39f880abfa0eb21a4887114717ea8227e9936b4d6e0fdf44e5c
-
SHA512
4095ede2480565a61dfdae7481816c3bb8f5b3e966d132576156e31be2ef89451d4628c34ba36381225ec14fa233aa020a058fc37a27d220de68558e95e02bdf
-
SSDEEP
98304:8wAze/FNZMWTI4IerOgms7GjcZA7/RTa+EmUQAtw:+S/DzMv1si4yTElQZ
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1