General
Target: da4e717b9aa86a744128fcb04f4eb63c7bd9b0d6abaa26b53b716fc3a2fc9a14
Size: 4.2MB
Sample: 240426-y7h6fscd3v
MD5: 6215d08ce197e08b92f8b704b43b6ede
SHA1: 2bff70d4dd783eeb14a7c73531ec0b41f55727ef
SHA256: da4e717b9aa86a744128fcb04f4eb63c7bd9b0d6abaa26b53b716fc3a2fc9a14
SHA512: b4dacb6e8fd733fb00cc89e2ce6521d9b392b473d8170a1a5268390b609d4674dadcb6705dd9d9714d72c0442a9a5b1528678756e484a1c47176d182617386d7
SSDEEP: 98304:q2m5eOYCD1ID98VF2Kih+6YxfniOeVNR3JpIP6GA7sf3HgV11GO:q2m5BYCDY8uVjYxfniXVNFJ2yR7sfQVz

Static task: static1

Behavioral task: behavioral1
Sample: da4e717b9aa86a744128fcb04f4eb63c7bd9b0d6abaa26b53b716fc3a2fc9a14.exe
Resource: win10v2004-20240419-en

Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1

Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1