General
Target: 525cd3938574771203acb88047e13f44ab5f613c2381b49ab84acc2394e5ab65
Size: 4.2MB
Sample: 240423-ph47ysgb83
MD5: 92aa71b11cef046ba71765319080e17f
SHA1: e3667973fbf4bd9b68cd90522bc7b92eee3ed590
SHA256: 525cd3938574771203acb88047e13f44ab5f613c2381b49ab84acc2394e5ab65
SHA512: b4e2ac6386f641b380ae23c5d1216d8cd62b6850dda3901e0548ced150173f68576785c9fd5ad408bdd39cb2b72f195a4765d0b8cda66492ff0dff45105e94dd
SSDEEP: 98304:69dcOUBEbybSH36R/JhlYZJkRBAK/yVZyNfNI1XCYNEb:YyBJSqZXeZGRgrygZO
Static task: static1
Behavioral task: behavioral1
Sample: 525cd3938574771203acb88047e13f44ab5f613c2381b49ab84acc2394e5ab65.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: 525cd3938574771203acb88047e13f44ab5f613c2381b49ab84acc2394e5ab65
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1)
- Windows Service (1)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (1)
- Windows Service (1)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)