General
Target: eece854e06767d590286c18e00f4a887efe2776e797e5e920da00cc511eae0a7
Size: 4.2MB
Sample: 240426-zpa8kach2s
MD5: 29db5122e3b74cc1998328f75481ff84
SHA1: d12d212aca1cca49000ede4ab6b8ab647792ff78
SHA256: eece854e06767d590286c18e00f4a887efe2776e797e5e920da00cc511eae0a7
SHA512: d326ffd1568e4740f4c098c62578c8bbfbc4bbb493c9036f338ff025fafbdc45cf72426de9badf7c5615566c3641372a7c0c84741ab43f3027388f056eb50258
SSDEEP: 98304:dx1RyBW5eh1jvdHfL95CEfIBLRbKwJWZNSsbjNHIU:ffIvBT9wRBLRbbJ6NSsbZH3
Static task: static1
Behavioral task: behavioral1
Sample: eece854e06767d590286c18e00f4a887efe2776e797e5e920da00cc511eae0a7.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix ATT&CK v13
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)