General
Target: 5aa1bf144459816d004e86e25b8b7bd7247b2cf0bcae1a8b3b931e749dc1e818
Size: 4.2MB
Sample: 240425-h7tn7agg69
MD5: 4d1fdc30004e2382aa194c8ee48a3b36
SHA1: 593c5db06a006439e9a37252d7258346e241f236
SHA256: 5aa1bf144459816d004e86e25b8b7bd7247b2cf0bcae1a8b3b931e749dc1e818
SHA512: adc917d1dba313cb0017fd9488119aa15e04b2e2850a1979a0533401a3793dc48592dec04ef5f1963976e8e875433abe5add7b8fa407532076eae36619fde49a
SSDEEP: 98304:tPsj8nM8f9N7dpNQ5A13kFnblxOFQG3eoyMtxZj:BKe9pO6ublAFHdDtxR
Static task: static1
Behavioral task: behavioral1
Sample: 5aa1bf144459816d004e86e25b8b7bd7247b2cf0bcae1a8b3b931e749dc1e818.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)