General
Target: a5367bd6c7899a34944cf3db8844107fa932e742217a92ebef8ba4b0d8f52923
Size: 4.2MB
Sample: 240502-t2fqxseh42
MD5: db183deb7ea6ec3b80cdb80fb07a56e8
SHA1: d5b63a831c9c69bea26ecd410052be42b2a6c15c
SHA256: a5367bd6c7899a34944cf3db8844107fa932e742217a92ebef8ba4b0d8f52923
SHA512: 1a689f3e2d5fe3b34819818e32f028e5d7fa50d9c6e7cff4753cfdbda4461322b0e927754b2a4087cc09f17bb0e673652c8dba10d1108a5497a7a47ef89f797a
SSDEEP: 98304:5aVsjom70ndrBFgOmll6jSga2nxCwdk+mvEBS8Kssc:5+uom74drMJBirk+iEw8x
Static task: static1
Behavioral task: behavioral1
Sample: a5367bd6c7899a34944cf3db8844107fa932e742217a92ebef8ba4b0d8f52923.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1