General
-
Target
88df5327eceb8992c430c431d6829a50d3b1db7d31b147a47b430e09aa184fc8
-
Size
4.1MB
-
Sample
240509-tvzv8aeb94
-
MD5
e7233aa5346e10f66f38d4914c588a8a
-
SHA1
55352b329d87b4206de4142e1e5983607f78ea42
-
SHA256
88df5327eceb8992c430c431d6829a50d3b1db7d31b147a47b430e09aa184fc8
-
SHA512
a00477bcae96d1743f06709c3a977de8ecea77061daab3e48128a4a500689061e18436734c662649179c5de05e5e6bf08ff883ce0fd7d3a397cc8298c6aebde8
-
SSDEEP
98304:agQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9ay:Vmkkc0oEfvGFgFjKYMWdT
Static task
static1
Behavioral task
behavioral1
Sample
88df5327eceb8992c430c431d6829a50d3b1db7d31b147a47b430e09aa184fc8.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
88df5327eceb8992c430c431d6829a50d3b1db7d31b147a47b430e09aa184fc8
-
Size
4.1MB
-
MD5
e7233aa5346e10f66f38d4914c588a8a
-
SHA1
55352b329d87b4206de4142e1e5983607f78ea42
-
SHA256
88df5327eceb8992c430c431d6829a50d3b1db7d31b147a47b430e09aa184fc8
-
SHA512
a00477bcae96d1743f06709c3a977de8ecea77061daab3e48128a4a500689061e18436734c662649179c5de05e5e6bf08ff883ce0fd7d3a397cc8298c6aebde8
-
SSDEEP
98304:agQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9ay:Vmkkc0oEfvGFgFjKYMWdT
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1