General
Target: 942373839b92c0f6a0cacc5a0535cd113d59a813f020d8eabd80be61e7f57517
Size: 4.2MB
Sample: 240423-pdbd3sga4y
MD5: d0a94da6ae3ad7b40130458eb115491a
SHA1: d4bd493fcc5878119e4a8b043e0aa56afbb5126c
SHA256: 942373839b92c0f6a0cacc5a0535cd113d59a813f020d8eabd80be61e7f57517
SHA512: 5838276244ee8c9c8a8cf46a61e7990fe7a02eed7a8d75df30e2b06d9e6f5e5980df08f6121266c5ba326b319cfd6149dab28be80494d800c934560d05fd54a8
SSDEEP: 98304:C9dcOUBEbybSH36R/JhlYZJkRBAK/yVZyNfNI1XCYNEN:wyBJSqZXeZGRgrygZo
Static task: static1
Behavioral task: behavioral1
Sample: 942373839b92c0f6a0cacc5a0535cd113d59a813f020d8eabd80be61e7f57517.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: 942373839b92c0f6a0cacc5a0535cd113d59a813f020d8eabd80be61e7f57517
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)