General
-
Target
36b234574caf15ae9e4222872ed8efae6517ba15cba9a5fb9f806edb08d5c93e
-
Size
4.1MB
-
Sample
240509-p7v1ksde83
-
MD5
378c27c72623ee6f98580affff65e9a5
-
SHA1
0c086fb7c4c46952943df8494c1ec20c0f3b03b3
-
SHA256
36b234574caf15ae9e4222872ed8efae6517ba15cba9a5fb9f806edb08d5c93e
-
SHA512
eb16c02e7499b588e4a6ffc8d870e4ee146406122e6343f9ef4a78b4760b77e23341e286808cf1e2dae8ff4acb5d0914acb85f193f3e3482ab676e25b6ec3364
-
SSDEEP
98304:csY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahAH:vQZcza2WcnIxBnXOdJK+3UAH
Static task
static1
Behavioral task
behavioral1
Sample
36b234574caf15ae9e4222872ed8efae6517ba15cba9a5fb9f806edb08d5c93e.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
36b234574caf15ae9e4222872ed8efae6517ba15cba9a5fb9f806edb08d5c93e
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)