General
Target: 3e86ecb26297a2643cf833859f1dd0d156d03394c3c57ee01c5d6ce6e8ba48d3
Size: 4.1MB
Sample: 240421-y62leaba59
MD5: 8c18ab6db3c55f3aef0e8546234cac65
SHA1: ef0cd7fe6c665599328031b3da4eaa09753c1aa7
SHA256: 3e86ecb26297a2643cf833859f1dd0d156d03394c3c57ee01c5d6ce6e8ba48d3
SHA512: 17d6301558f8c03f1a42c5eaf5438e83c17b02429d3aef175d6c39653d51de5c0397b3001c6610325d47345a358cfac1a6fc828651b27eb896251f0010f3245a
SSDEEP: 98304:I6+NbupGYWkWUKqb2mQEf1KRMJYjr3YWC6hMfGb3gpntS1:J+NqpqkWfc2mFNDYjrxhMfGQpntS
Static task: static1
Behavioral task: behavioral1
Sample: 3e86ecb26297a2643cf833859f1dd0d156d03394c3c57ee01c5d6ce6e8ba48d3.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)