General
-
Target
c07747db30565aa8c9e556169501b087394f55056c1cedd7985a206b1dea5334
-
Size
4.2MB
-
Sample
240423-st87tshd89
-
MD5
279ce3a72ee314942abc1556208e0dea
-
SHA1
d6b035322527dc4fc032ee6c81ce3f7bb72a4463
-
SHA256
c07747db30565aa8c9e556169501b087394f55056c1cedd7985a206b1dea5334
-
SHA512
24c0fff3f2f905216d903bb20baa1e5fcb382cdf75ca863b56ed7700d5ef0a09b09620af44979fb2a55278d45d4513e8dcdfe12a240d006e84c95f6142166167
-
SSDEEP
98304:pYLCMptDmsu+9iprwjFTOTj/zIJhxobwLXF8FmbNEpdL19bKK:dkDFH9njBOTWhxocJmmbsdxhv
Static task
static1
Behavioral task
behavioral1
Sample
c07747db30565aa8c9e556169501b087394f55056c1cedd7985a206b1dea5334.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1