General
-
Target
32021f2fe63c84b0bff3d8e98f7863f29dbe1df783a76a0e0bb980da40ac64ce
-
Size
4.2MB
-
Sample
240425-lqhr5she5y
-
MD5
d4b7a9d713dfc48768d17c211bfc81fc
-
SHA1
9f68c947f595f4c43c041642caf0d4338c54a448
-
SHA256
32021f2fe63c84b0bff3d8e98f7863f29dbe1df783a76a0e0bb980da40ac64ce
-
SHA512
123533cf01877b18446d5e979d332be2da5a171b4bcde620845e6c66e5a83843729c52e51aca19f9d36e3c6babcf02c20fc21bd74c6dbe98a91a86c70e1e458b
-
SSDEEP
98304:yHpMxDemVqIpADKfdGpiZF6VsUJaz5bqFpk/ef:wpKDzpjf8c3q/ff
Static task
static1
Behavioral task
behavioral1
Sample
32021f2fe63c84b0bff3d8e98f7863f29dbe1df783a76a0e0bb980da40ac64ce.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
32021f2fe63c84b0bff3d8e98f7863f29dbe1df783a76a0e0bb980da40ac64ce
-
Glupteba payload
-
Blocklisted process makes network request
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1