General
-
Target
e9047e84f32d27f1131664a3a861d989e35d576cd70ef26f37c320852ba397ed
-
Size
4.1MB
-
Sample
240509-s3j93ahc9y
-
MD5
d13734fefb2ce05ad1416bb3e38cebe6
-
SHA1
be83b3b2a3d0e758d5d29ef6f01d01591bfc0b1c
-
SHA256
e9047e84f32d27f1131664a3a861d989e35d576cd70ef26f37c320852ba397ed
-
SHA512
01899ee6c4388e6402314a39f65558cfd95b76cf377f6bdb0660f825de047ccd113bc28154517400f0fcffb70a1cfc415c2977cd895e0cf94611532e8ae99fad
-
SSDEEP
49152:yFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFn:yFDbcVB3TFxHH43Ma9n+52NVhL/oBqqM
Static task
static1
Behavioral task
behavioral1
Sample
e9047e84f32d27f1131664a3a861d989e35d576cd70ef26f37c320852ba397ed.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
e9047e84f32d27f1131664a3a861d989e35d576cd70ef26f37c320852ba397ed
-
Size
4.1MB
-
MD5
d13734fefb2ce05ad1416bb3e38cebe6
-
SHA1
be83b3b2a3d0e758d5d29ef6f01d01591bfc0b1c
-
SHA256
e9047e84f32d27f1131664a3a861d989e35d576cd70ef26f37c320852ba397ed
-
SHA512
01899ee6c4388e6402314a39f65558cfd95b76cf377f6bdb0660f825de047ccd113bc28154517400f0fcffb70a1cfc415c2977cd895e0cf94611532e8ae99fad
-
SSDEEP
49152:yFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFn:yFDbcVB3TFxHH43Ma9n+52NVhL/oBqqM
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1