General
Target: 8421e56d1da2323f3ff4154e34478b2247bd47c6ef0e61e88cf25d7da816276a
Size: 4.1MB
Sample: 240509-tv3bcaec22
MD5: 2454da7dfba9fe2f1b5da94b6e0e1de2
SHA1: db6bda9b0b16b1966ad703273d9c0bacfe37f0f5
SHA256: 8421e56d1da2323f3ff4154e34478b2247bd47c6ef0e61e88cf25d7da816276a
SHA512: cb38da89c05936b9932a47f2ef3e57a14218dcb1574243fbdcab40e852a432773b778c3c221a02863cbb693062c7a971748cb4c432ee55d5f471ba69718532c6
SSDEEP: 98304:KgQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9af:Fmkkc0oEfvGFgFjKYMWdy
Static task: static1
Behavioral task: behavioral1
Sample: 8421e56d1da2323f3ff4154e34478b2247bd47c6ef0e61e88cf25d7da816276a.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1