General
-
Target
dc9d885d7fd0114e71412f0c00aea6ccd25a5ae4162acc77a7434f314517b767
-
Size
4.1MB
-
Sample
240421-zf91jabd8x
-
MD5
51c90a206f20c2aca739407e8c0bb7a3
-
SHA1
4c50f617534b185a8dc7c4c275a5a1ba1a86e49f
-
SHA256
dc9d885d7fd0114e71412f0c00aea6ccd25a5ae4162acc77a7434f314517b767
-
SHA512
b3f5f0e8c7eccd62992a937e6b9c839dc050f9984828102a3721ed4696c6c0fdff5624ff54e12ac90a4987c5cb69c39d22e315b79463252a95960d4fbb3a4238
-
SSDEEP
98304:gwsyYpLI30hNm0X97sfQhuFOzbEeYixTYaktM3XAOoYGnm0lEs:mllzc0tsfv+41ixUfgAfRVr
Static task
static1
Behavioral task
behavioral1
Sample
dc9d885d7fd0114e71412f0c00aea6ccd25a5ae4162acc77a7434f314517b767.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)