General
Target: d0912fe102eb26e17bb6c80809f97d3d33cc037b6b839a801a4f9b2b0f0025d7
Size: 4.2MB
Sample: 240425-lrp8lshe74
MD5: 3146828886f33e23ee8d043defcfc646
SHA1: b6f19d0692b4ac16bdef8b4b3f829ee2d2e26f46
SHA256: d0912fe102eb26e17bb6c80809f97d3d33cc037b6b839a801a4f9b2b0f0025d7
SHA512: 462a76497a9b3828799ad2d7699586275e9d0725213ada1b89c5dc7cb76d38c3feb2c6b07240ce0fb477dbd356fe6e7fba5bb593071bae97f82e30a62978c7df
SSDEEP: 98304:yHpMxDemVqIpADKfdGpiZF6VsUJaz5bqFpk/ej:wpKDzpjf8c3q/fj
Static task: static1
Behavioral task: behavioral1
Sample: d0912fe102eb26e17bb6c80809f97d3d33cc037b6b839a801a4f9b2b0f0025d7.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1