General
Target: 9532bef0764b3b6e1cbc8c6bf0f24e6eecefa853e3bae21917e9c3076eeb74bf
Size: 4.1MB
Sample: 240515-3knvmshh3w
MD5: db690b7d750acb89c3aa50559853c396
SHA1: 2252d4286fce4849b03a9f803c2462fc69d9bc3a
SHA256: 9532bef0764b3b6e1cbc8c6bf0f24e6eecefa853e3bae21917e9c3076eeb74bf
SHA512: e34612a80e3cfb18722cb6024e5847c455d12669b17ce15354abaa43f0d9487f628c956e5c496931a6ffd0e9f7bda470cfe527fab30d7ff344d1b2fc9b13b294
SSDEEP: 98304:kCrMvuyR1RyPQdAJHItu4QbOo8ZPCtSlOjuAz5n6hmlDmbj:k5vuu/yDHItfIOpPCSgB5tCX
Static task: static1
Behavioral task: behavioral1
Sample: 9532bef0764b3b6e1cbc8c6bf0f24e6eecefa853e3bae21917e9c3076eeb74bf.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)