General
-
Target
58ab56689aa0ca6484c63ecaec185f9e6f4be9d5cce3a06decc5155188342004
-
Size
4.2MB
-
Sample
240427-2crqwshh69
-
MD5
83e6df52b92e9cce71c064c0b56e5a1d
-
SHA1
052d350583149e7155034d03098b9820be4a5b58
-
SHA256
58ab56689aa0ca6484c63ecaec185f9e6f4be9d5cce3a06decc5155188342004
-
SHA512
0d8a1e19cad260cf616eea89bb25c80d3595ab4bbcb1df7b2e0567339e853a09022efeb4ff0b1a76b4f8e60489490676c56ee0474b7e54ee455a76e4e3d2bcad
-
SSDEEP
98304:PamOmyh13YwSD+iffg9rOMOczucEEdNxQlfwo87Elwi0PG1E:PTy8Jy4o9ecZxQhwo8IinPG1E
Static task
static1
Behavioral task
behavioral1
Sample
58ab56689aa0ca6484c63ecaec185f9e6f4be9d5cce3a06decc5155188342004.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
58ab56689aa0ca6484c63ecaec185f9e6f4be9d5cce3a06decc5155188342004
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)