General
Target: 25aa44bb991867e7a59febf084b0b38b613943b4ac0f0b4d0574318611522a4b
Size: 4.2MB
Sample: 240426-zn3w7aca37
MD5: 556769a811f4c28ed321fd159a6d74bf
SHA1: 75219e45d3acb34647562bc3ddef81749896714c
SHA256: 25aa44bb991867e7a59febf084b0b38b613943b4ac0f0b4d0574318611522a4b
SHA512: 3aaa037483c3ea9634371e1aa24fe06c3a484cd650af59463f6b5f1ba0681582e01e728bec225bc8d67f257e9bf43a5f82597220317b4af1d23fe0cf1f0919bd
SSDEEP: 98304:Vx1RyBW5eh1jvdHfL95CEfIBLRbKwJWZNSsbjNHIg:XfIvBT9wRBLRbbJ6NSsbZHD
Static task: static1
Behavioral task: behavioral1
Sample: 25aa44bb991867e7a59febf084b0b38b613943b4ac0f0b4d0574318611522a4b.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: 25aa44bb991867e7a59febf084b0b38b613943b4ac0f0b4d0574318611522a4b
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1