General
-
Target
f718117cb5358a29cc40998e319ad2bf87c35be45d52f77182ea508544b88af7
-
Size
4.2MB
-
Sample
240426-sw7f1see28
-
MD5
86d85f0514cc18a04c3acefa9f73fe8b
-
SHA1
f8cdef937de409fef5c2c9a395a25ca9325b47b5
-
SHA256
f718117cb5358a29cc40998e319ad2bf87c35be45d52f77182ea508544b88af7
-
SHA512
963f1a81f847eb029da0bf0ee1cf771a2216da609498686a8ee3b8a997769917beb1d771be19b28f7bc7593aff45722e8777f7e7a1351dfd78ffa151f572785b
-
SSDEEP
98304:vGzsnCxKltbFvS+Z1vjUEQC5FD5MQIQIIS4sbbL48:vG4nxAoLumFD5/IIFsr
Static task
static1
Behavioral task
behavioral1
Sample
f718117cb5358a29cc40998e319ad2bf87c35be45d52f77182ea508544b88af7.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
Target
f718117cb5358a29cc40998e319ad2bf87c35be45d52f77182ea508544b88af7
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
-
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
-
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1