General
-
Target
7274cc52fb962d917e3d4ce27e48e4b8d9b1197bc7c6691444520a4a692dedea
-
Size
4.1MB
-
Sample
240427-fqtxhsbf55
-
MD5
6fbdabad39418b7ca2324b31d281d8bd
-
SHA1
17cb0c17d9a51e0ea5426a09bb8745a393d8fbb3
-
SHA256
7274cc52fb962d917e3d4ce27e48e4b8d9b1197bc7c6691444520a4a692dedea
-
SHA512
13bb0799b5d435aeb49a96e198292d0ddb5f536530f7d6af21c09e662d2e5b4ac0f697b917fd134fc1db64ba240d43fc9b45df81d27e349286f5abed0b8a4967
-
SSDEEP
98304:eDH7OPmPIYOb+xaC5Bg1F04wxr3ayvMabi92:eDH7OPeI9Kxb52Fw1ay/x
Static task
static1
Behavioral task
behavioral1
Sample
7274cc52fb962d917e3d4ce27e48e4b8d9b1197bc7c6691444520a4a692dedea.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
7274cc52fb962d917e3d4ce27e48e4b8d9b1197bc7c6691444520a4a692dedea
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1