General
-
Target
36f2870e0ec7e94bd181e3eae67b21a9c992bf6c243e21378c651693547acc29
-
Size
4.1MB
-
Sample
240511-nl92yahb25
-
MD5
bc625e6f494a7fdb35862f9ebb8ebe18
-
SHA1
fa7f9aada4db117b9e56fb5b86e41768a1d5b732
-
SHA256
36f2870e0ec7e94bd181e3eae67b21a9c992bf6c243e21378c651693547acc29
-
SHA512
e42c8083d7da5699ef14f37a1b988f38c24de5bd1449a92f388d46b2cb66cc2d83a1d484bce648a2cf61935ba586d82bd8b65e886d8a03d793cc5e9d84c83f3e
-
SSDEEP
98304:ValdxVYbeltggr6p7qKtgoJu9O6Qxc6qPeInuZKahKn+3Qi:6xq6ggrt/os9O/WxuFhK+Ai
Static task
static1
Behavioral task
behavioral1
Sample
36f2870e0ec7e94bd181e3eae67b21a9c992bf6c243e21378c651693547acc29.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)