General
-
Target
feee87221a8cde2983145a12e301a794bd748a8a86e2f1ba69fed424d7a645c9
-
Size
4.1MB
-
Sample
240509-p9419sdg33
-
MD5
e82aabf429290b098a6b242a78f0cd72
-
SHA1
2573b22062a086627d1b5b736483dfbe5f3dd207
-
SHA256
feee87221a8cde2983145a12e301a794bd748a8a86e2f1ba69fed424d7a645c9
-
SHA512
c11300db4c14d2eae7c7c8c43f048562dea1ddcc2347dbd7e2c2cd4e0fa7b3eebc0227a730a064a19f00cebf83077a620fc6da0cc2fbdc070ddaa89649625138
-
SSDEEP
98304:UsY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahAm:3QZcza2WcnIxBnXOdJK+3UAm
Static task
static1
Behavioral task
behavioral1
Sample
feee87221a8cde2983145a12e301a794bd748a8a86e2f1ba69fed424d7a645c9.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
feee87221a8cde2983145a12e301a794bd748a8a86e2f1ba69fed424d7a645c9
-
Size
4.1MB
-
MD5
e82aabf429290b098a6b242a78f0cd72
-
SHA1
2573b22062a086627d1b5b736483dfbe5f3dd207
-
SHA256
feee87221a8cde2983145a12e301a794bd748a8a86e2f1ba69fed424d7a645c9
-
SHA512
c11300db4c14d2eae7c7c8c43f048562dea1ddcc2347dbd7e2c2cd4e0fa7b3eebc0227a730a064a19f00cebf83077a620fc6da0cc2fbdc070ddaa89649625138
-
SSDEEP
98304:UsY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahAm:3QZcza2WcnIxBnXOdJK+3UAm
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1