General
-
Target
fa7d17b12b39ab0cadef911a0540ec8adad3b89a7f0cdf0217faafcbe7defd02
-
Size
4.1MB
-
Sample
240515-lg5wbabc69
-
MD5
3d9ae9bc8e821c5c0b45632fb2673ef7
-
SHA1
fe284b82d1cdd6513e404c3afee726a264ea210f
-
SHA256
fa7d17b12b39ab0cadef911a0540ec8adad3b89a7f0cdf0217faafcbe7defd02
-
SHA512
2d7bd52eaa5ea4566e42bf0ccfd22619c7d88c93ce03e55b367326362aec2a7d382c058444608fb3431274849ace5602fe803bbc46a4b0dfc25a1213331d7797
-
SSDEEP
98304:bMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PA2:bBwCmIp7Ci3XwSxbLu0E0yeIUT42
Static task
static1
Behavioral task
behavioral1
Sample
fa7d17b12b39ab0cadef911a0540ec8adad3b89a7f0cdf0217faafcbe7defd02.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1