General
-
Target
9f75cac6bd87113f5ddf2aaa64c8037803486b5c9eefed93c0b20dc0eb32e827
-
Size
4.1MB
-
Sample
240515-lmpfhsbe96
-
MD5
541c4b37f895df8604405f1802c78f96
-
SHA1
e745d345c873b4baee8a85604a295703721b1f19
-
SHA256
9f75cac6bd87113f5ddf2aaa64c8037803486b5c9eefed93c0b20dc0eb32e827
-
SHA512
6ebdc7d8e12625dfadd301ca7a6ae33c3b896a4406622fbc6a9bcea74c18b2f08ac9186b180bfac1c88a23bd35b4069c349903ee6b110674a7474316e3c44a64
-
SSDEEP
98304:rMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAY:rBwCmIp7Ci3XwSxbLu0E0yeIUT4Y
Static task
static1
Behavioral task
behavioral1
Sample
9f75cac6bd87113f5ddf2aaa64c8037803486b5c9eefed93c0b20dc0eb32e827.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)