General
-
Target
0779f08fdc0d1fa3ea4ecf2780432f694fe88d5ac4dbe7498c51ad6e6890abf3
-
Size
4.1MB
-
Sample
240427-khaacseh84
-
MD5
45e0b552c1a7823ad16bca1115ed5488
-
SHA1
697747e07695764d8ccfea0e6323ab7e72516ed5
-
SHA256
0779f08fdc0d1fa3ea4ecf2780432f694fe88d5ac4dbe7498c51ad6e6890abf3
-
SHA512
7772cd3f63ac2551ada4f12982ed6680f7192c9c1f2b6bb6621eaf1c6b1c09fde80554887338e86d7c9f5d4b7f0a85f2b3da8c4a2351223e797861e894d3c817
-
SSDEEP
98304:5BrcvoQ3bpeAYFyI5s2iXAaDVcYvvxcUB482tlsgYA74B:5BQ8JjsJRJcupcUK8wlX7K
Static task
static1
Behavioral task
behavioral1
Sample
0779f08fdc0d1fa3ea4ecf2780432f694fe88d5ac4dbe7498c51ad6e6890abf3.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
0779f08fdc0d1fa3ea4ecf2780432f694fe88d5ac4dbe7498c51ad6e6890abf3
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)