General
Target: 9dff3c60c2c8103c839c12cae26f002060be569deac7691b1b3a8d98bcc3af36
Size: 4.2MB
Sample: 240423-s48ztahf23
MD5: e298142c1c1bf34e69feba3eabafa2cd
SHA1: 4d6ead780a19b276ad44b95322d6264b5649e540
SHA256: 9dff3c60c2c8103c839c12cae26f002060be569deac7691b1b3a8d98bcc3af36
SHA512: 9e8330b3f80aee84d1ac981a8806e8b938c7853a90836bd42b9a8802167b23e04bdac72cb69c5f1e2c9dbc659389a1336f9539aef4b963dff4400092120c29f9
SSDEEP: 98304:l+Gg6aXQ+/QyN9wV3/YhHbVpnwBVKjBiw+3St8Kxp:GXQwQ89A3/Y5DnwBWu3Q8KL
Static task: static1
Behavioral task: behavioral1
Sample: 9dff3c60c2c8103c839c12cae26f002060be569deac7691b1b3a8d98bcc3af36.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1