General
Target: 8e4f421de98a29357f810bc8b03b0cdc25dcaa12cc5f33e2f35d878de08eff2f
Size: 4.2MB
Sample: 240426-3knjwaed49
MD5: 69f75ccbf11306bbb7c333a0a9353cc7
SHA1: e6df275dd34a31fca9dba3fc69e4e5893ac7f448
SHA256: 8e4f421de98a29357f810bc8b03b0cdc25dcaa12cc5f33e2f35d878de08eff2f
SHA512: 6fd072e0f3aab7fb4fe14427cfb96341f4b99a9c627767ee0b82f56cdd12792a371f18b0ad39d9e295953381da4aa3e85632c6bb99de3e8b217e61fcd9864b86
SSDEEP: 98304:YkAjdDPAeC2B02wyEqB4QU18FBwX92iJvUa6o386BoSeiwZU4mjQxQs:TuPAV2B0NRqB88FqJvA6j4GQd
Static task: static1
Behavioral task: behavioral1
Sample: 8e4f421de98a29357f810bc8b03b0cdc25dcaa12cc5f33e2f35d878de08eff2f.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)