General
-
Target
4069e747b113bdb34f1fbbbe0c22bcf74b140ad7f2b2bfaaab90c6d7dcac6f92
-
Size
4.1MB
-
Sample
240516-plqtqsch74
-
MD5
1a7841d32db93a8df749a6d27139d15a
-
SHA1
25e52bb1fd5e9f63ca5a66f9eb08fbe756132fdc
-
SHA256
4069e747b113bdb34f1fbbbe0c22bcf74b140ad7f2b2bfaaab90c6d7dcac6f92
-
SHA512
02b9fc8619f20da2bf2a46f5902334f6d98adeefe4bd94534bc6b6065fa7f073c4d7e610c8c100f321ee8947c7c2ec0aae6288a9c9874b98610dd78def750421
-
SSDEEP
98304:N/lx2VB4FLDQS1OmkYbRsTncIxTvyO2P5x7YbDUU8S:dlgkYS1OmbburVLyO2P5x7Yb4o
Static task
static1
Behavioral task
behavioral1
Sample
4069e747b113bdb34f1fbbbe0c22bcf74b140ad7f2b2bfaaab90c6d7dcac6f92.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)