General
-
Target
26df6a3c515d9e9c0f3a1911864b8a8931e955f4abe948fc95114566e73b3d86
-
Size
4.1MB
-
Sample
240515-3qfffsac2v
-
MD5
d224c01165136763824cb4cf0144493f
-
SHA1
9bc66aac34d81bbfb85e9f7e2e02d2c25d8d0394
-
SHA256
26df6a3c515d9e9c0f3a1911864b8a8931e955f4abe948fc95114566e73b3d86
-
SHA512
fd908bf6b893bd367f35e4c7b4bbf2cc92634479fa56d825b5495931284e52cf120e52ae74c79d10e872a71f92e446df5b0e74c89d735106790e23da4f5827d2
-
SSDEEP
98304:3sj80k8u7e4te7QNzi5j0edbbHwu+w5lmM0XQn0:3g9u7eueIzil0SbrHmM0J
Static task
static1
Behavioral task
behavioral1
Sample
26df6a3c515d9e9c0f3a1911864b8a8931e955f4abe948fc95114566e73b3d86.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)