General
-
Target
a889915e0e154129f4a47f05f5c360cb3e107530dfa6f6186166a9e9290eb964
-
Size
4.1MB
-
Sample
240427-vxdansdg6y
-
MD5
d29228bd1581da52054642d2f25e1329
-
SHA1
dca48f2dd06dc19ab513a773abb17bfcec80416d
-
SHA256
a889915e0e154129f4a47f05f5c360cb3e107530dfa6f6186166a9e9290eb964
-
SHA512
f325d2f9bd054f90b626bd5d7b48c9a03a0c1acb619bf61ce5ab0b36ca4a1b483cb6901e49e24b4559cb8b5082c211d1f2987306f8fdccc848b9921ce3f85fd6
-
SSDEEP
98304:FB+pokA3uLr67t8MVyOHX+J6fh0VTXiCNKfogoP0GUbubAeu:FBc4uLrIK0u8fYNDf0GUb+Aeu
Static task
static1
Behavioral task
behavioral1
Sample
a889915e0e154129f4a47f05f5c360cb3e107530dfa6f6186166a9e9290eb964.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
a889915e0e154129f4a47f05f5c360cb3e107530dfa6f6186166a9e9290eb964
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Scheduled Task/Job
1
Privilege Escalation
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Scheduled Task/Job
1