General
-
Target
e863afb1c77e26b8c0587849dbd16d2ea086bc6197bc78ca7f926aa9477880c1
-
Size
4.1MB
-
Sample
240509-s7gpqshf5v
-
MD5
69bb01084856c56a02ac5c32412cbef4
-
SHA1
51ec5a3c033a0d84cdfa42982be35be7a40347b9
-
SHA256
e863afb1c77e26b8c0587849dbd16d2ea086bc6197bc78ca7f926aa9477880c1
-
SHA512
4b90a4a567b86d3f29c20a5643d0c1a5fd886a6e796cf47383c07265ca84fe7cd1296016ba340ca48aadd39aa6ac1f0fb69efbc519da28caf88abf119aac1ba3
-
SSDEEP
49152:aFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFN:aFDbcVB3TFxHH43Ma9n+52NVhL/oBqqC
Static task
static1
Behavioral task
behavioral1
Sample
e863afb1c77e26b8c0587849dbd16d2ea086bc6197bc78ca7f926aa9477880c1.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
e863afb1c77e26b8c0587849dbd16d2ea086bc6197bc78ca7f926aa9477880c1
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1