General
Target: 9dfdd3cdfafec6eadd17333370928a081e97e86810cf40fe47db752f9d886b15
Size: 4.2MB
Sample: 240426-zvesyada4x
MD5: e054462b95b6dffd7dddb78222a89c1a
SHA1: 6d7e0954381ccaa05468053f250ac04654e51b01
SHA256: 9dfdd3cdfafec6eadd17333370928a081e97e86810cf40fe47db752f9d886b15
SHA512: 00be755dff9e30b43abd5b92a5eedb15e5de8f4a654abafc4c6910a1e38f5706028aa4846ae44b03715cb014e604f8ab89514cf50d08c6c11aef55dae95a9d2a
SSDEEP: 98304:Vx1RyBW5eh1jvdHfL95CEfIBLRbKwJWZNSsbjNHIl:XfIvBT9wRBLRbbJ6NSsbZHW
Static task: static1
Behavioral task: behavioral1
Sample: 9dfdd3cdfafec6eadd17333370928a081e97e86810cf40fe47db752f9d886b15.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1)
- Windows Service (1)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (1)
- Windows Service (1)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)