General
-
Target
e9757b4b7bf816e6a8ec1a79ec4d5602ed68af0b095546495d726d71708a65d9
-
Size
4.1MB
-
Sample
240509-tvfscaeb74
-
MD5
c5a2da0fff0777aa8a826f5aa7f75daf
-
SHA1
85a079352cfae4c338e088e2e9ac689989b7f219
-
SHA256
e9757b4b7bf816e6a8ec1a79ec4d5602ed68af0b095546495d726d71708a65d9
-
SHA512
7646eea4173bc8143d16b850559813c5a2d166fb5833389437cd4b2af0384666b075434d66642ce136dc14501a7316255df2c2e880147b9e552774426e0880a6
-
SSDEEP
98304:qgQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9aE:lmkkc0oEfvGFgFjKYMWdV
Static task
static1
Behavioral task
behavioral1
Sample
e9757b4b7bf816e6a8ec1a79ec4d5602ed68af0b095546495d726d71708a65d9.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
  Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
  Windows Service (1)
  Scheduled Task/Job (1)