General
-
Target
a1e27623691aa3995d0879591db2ca9455ac31fb261b8ee5a1b37e0194b872eb
-
Size
4.2MB
-
Sample
240425-h8a88sgg73
-
MD5
d98b18f43707ea0836317985dda7a55e
-
SHA1
1f34fa31354f01c1ed9eeba5eab42929d2b189e9
-
SHA256
a1e27623691aa3995d0879591db2ca9455ac31fb261b8ee5a1b37e0194b872eb
-
SHA512
64f9985372755d0a9433980ca911f8cb568b2ba468a4ce6c3944a65c5118a1c965d787277ebbe274ec1c3bcfd94f8d546485ab486e8e8bcdb580c165e0fea1c7
-
SSDEEP
98304:lPsj8nM8f9N7dpNQ5A13kFnblxOFQG3eoyMtxZl:pKe9pO6ublAFHdDtx7
Static task
static1
Behavioral task
behavioral1
Sample
a1e27623691aa3995d0879591db2ca9455ac31fb261b8ee5a1b37e0194b872eb.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
a1e27623691aa3995d0879591db2ca9455ac31fb261b8ee5a1b37e0194b872eb
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1