General
-
Target
1144420baf1f5f197b068e5704e623e9207185d89549529886a9fa87ee915f59
-
Size
4.1MB
-
Sample
240427-klfasafa45
-
MD5
07d4cbfe9fdaa0433b9126a435518617
-
SHA1
1e7381bc7531f276cb9f10db07deb64a4895e51a
-
SHA256
1144420baf1f5f197b068e5704e623e9207185d89549529886a9fa87ee915f59
-
SHA512
c3f70357cf2b885a0d0e6cfaf95a648d36bd0502b6e686c56d7a03fa1342ed3b75cccedc4ed396a494e3b6dd405727b545d1cb0521b6a738fc950b1b74ce1ee1
-
SSDEEP
98304:RBrcvoQ3bpeAYFyI5s2iXAaDVcYvvxcUB482tlsgYA74p:RBQ8JjsJRJcupcUK8wlX7G
Static task
static1
Behavioral task
behavioral1
Sample
1144420baf1f5f197b068e5704e623e9207185d89549529886a9fa87ee915f59.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
1144420baf1f5f197b068e5704e623e9207185d89549529886a9fa87ee915f59
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1