General
- Target: 869086676503ef842045aa014b52cc86549e5629781839500a5da88c36ad7201
- Size: 4.1MB
- Sample: 240516-pv2mlach7z
- MD5: e4829369d712c9f3ea9e47bbafdab7d8
- SHA1: af1a5f98bf6a9e9c41c409019432357ad07641e3
- SHA256: 869086676503ef842045aa014b52cc86549e5629781839500a5da88c36ad7201
- SHA512: fc80bb17cd7c8f0def79d7481a60e2ff40b4f3372c50cde0a16ed4c4b4140fa4c374f9d3d309ce1abb809d2414a58deecf27b63eb21e415ae0801d51b8694e56
- SSDEEP: 98304:cl9GTbLtL99uWlQGfUFGGhNMfnjCzwWu2csDCx3z+ty:hT3oWlQMUAMlWxj+ty
Static task: static1
Behavioral task: behavioral1
Sample: 869086676503ef842045aa014b52cc86549e5629781839500a5da88c36ad7201.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)