General
-
Target
fd3eda66225f8b8b4dae819270171d6ff4fcd8c2070d728e53362891a047c9e0
-
Size
4.1MB
-
Sample
240511-kw2lrsch97
-
MD5
87f3e8da76aad8f55d9531c62a56692a
-
SHA1
3c2306c32d35d6b54a5fc8995ff6109991c9ca72
-
SHA256
fd3eda66225f8b8b4dae819270171d6ff4fcd8c2070d728e53362891a047c9e0
-
SHA512
49b662dc23ea8bd676f82a3a4af315f07e679336c20c844a55e128fee0003d4ad4d8195363f9895c286f64198f5742ab8933c5c9fbef8c4149ebee26ada48771
-
SSDEEP
98304:IErTbmYqgZ1XudKeC70JrifsEkbyxLCxltfr4Ppsv6xaCIl:LD1Z1UwAUfrk2xOxPr4PpsvyaCIl
Static task
static1
Behavioral task
behavioral1
Sample
fd3eda66225f8b8b4dae819270171d6ff4fcd8c2070d728e53362891a047c9e0.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
fd3eda66225f8b8b4dae819270171d6ff4fcd8c2070d728e53362891a047c9e0
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
-
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
-
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)