General
-
Target
830937d10ce64c7d7bb505b17c045c6aba3554350c7c34b3627dd420344ee179
-
Size
4.2MB
-
Sample
240426-zrs66ach8s
-
MD5
461fa091e62067a1d9ab4c0dad37ec50
-
SHA1
9c99c01b14142a0b821538a75468bfe3a7e7ca91
-
SHA256
830937d10ce64c7d7bb505b17c045c6aba3554350c7c34b3627dd420344ee179
-
SHA512
adc7b0198d9adfb67636d599f357d1de4d7771d37d9e75d702671863d4314f914329cfb20476272892277d29533617764432247f80fcb769201dab5c7b93e31f
-
SSDEEP
98304:9x1RyBW5eh1jvdHfL95CEfIBLRbKwJWZNSsbjNHIj:/fIvBT9wRBLRbbJ6NSsbZHk
Static task
static1
Behavioral task
behavioral1
Sample
830937d10ce64c7d7bb505b17c045c6aba3554350c7c34b3627dd420344ee179.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
830937d10ce64c7d7bb505b17c045c6aba3554350c7c34b3627dd420344ee179
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1