General
-
Target
923206342c07cef6b659be5d4706ae17a2f9c0638ae5800597a49e2ec324a7e6
-
Size
4.2MB
-
Sample
240425-py935sah46
-
MD5
cbb6e31aed180271334799d0a4c6e6c2
-
SHA1
53b2aa7aa722fa73240d21db7dcd00ab69aa5244
-
SHA256
923206342c07cef6b659be5d4706ae17a2f9c0638ae5800597a49e2ec324a7e6
-
SHA512
7e7813339c1daa5b69cf6b4efeb843e447b490746f0a25dbdb2b0092c45fc427cc400eecf5f1e1798473fdf4ca7177d3848f5b24157ff924b4a2036fa00c057d
-
SSDEEP
98304:ZlPNnLMcliXgk6mZUGEiVLqbbhuqLV4AlEjP7s:ZlP9LMc0wkDbEiV0LVIo
Static task
static1
Behavioral task
behavioral1
Sample
923206342c07cef6b659be5d4706ae17a2f9c0638ae5800597a49e2ec324a7e6.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
923206342c07cef6b659be5d4706ae17a2f9c0638ae5800597a49e2ec324a7e6
-
Size
4.2MB
-
MD5
cbb6e31aed180271334799d0a4c6e6c2
-
SHA1
53b2aa7aa722fa73240d21db7dcd00ab69aa5244
-
SHA256
923206342c07cef6b659be5d4706ae17a2f9c0638ae5800597a49e2ec324a7e6
-
SHA512
7e7813339c1daa5b69cf6b4efeb843e447b490746f0a25dbdb2b0092c45fc427cc400eecf5f1e1798473fdf4ca7177d3848f5b24157ff924b4a2036fa00c057d
-
SSDEEP
98304:ZlPNnLMcliXgk6mZUGEiVLqbbhuqLV4AlEjP7s:ZlP9LMc0wkDbEiV0LVIo
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1