General
Target: 2d5c068c39417302db6d1905f8829856a545c72644318168a96e92804deae264
Size: 4.2MB
Sample: 240423-sxfdxshe36
MD5: e678e5d403ec043868dd9795df60d840
SHA1: c57fc57cf996351702ea1eca0a3e8a54e09a9410
SHA256: 2d5c068c39417302db6d1905f8829856a545c72644318168a96e92804deae264
SHA512: 4999ead6770451fd4bb5264ed72ecdb5e1d2de5092a1b78ff27d862e752494f880bec91d2c0efc2be901ec398b76f2057aea6f76f769835015a0c46a98d9261a
SSDEEP: 98304:xYLCMptDmsu+9iprwjFTOTj/zIJhxobwLXF8FmbNEpdL19bKI:FkDFH9njBOTWhxocJmmbsdxhx
Static task: static1
Behavioral task: behavioral1
Sample: 2d5c068c39417302db6d1905f8829856a545c72644318168a96e92804deae264.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)