General
-
Target
fa1650568608e8badd080972738ca149bd82833d4957d681e642323d3c8850c6
-
Size
4.1MB
-
Sample
240517-fd8j5shh5x
-
MD5
03a7d45e187dd295682841a6528e42d0
-
SHA1
754413d33dcbd38a6f1175c38aea1f1925c7a78c
-
SHA256
fa1650568608e8badd080972738ca149bd82833d4957d681e642323d3c8850c6
-
SHA512
027cca552ce668f8fb822243cae4242e6288691a34193afba50fae96d553538e81abf9f682c4a3cc23b5eabc79723c87b00d560148c590f6aec5fedc2a538c02
-
SSDEEP
98304:uNO3yy04ogde7ep0A2AdPyQGNgd0+V4CCH3iZ/qkVniougG1w:4OA8mA0A2AFyQ3d0+aD4qkVni5w
Static task
static1
Behavioral task
behavioral1
Sample
fa1650568608e8badd080972738ca149bd82833d4957d681e642323d3c8850c6.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
fa1650568608e8badd080972738ca149bd82833d4957d681e642323d3c8850c6
-
Size
4.1MB
-
MD5
03a7d45e187dd295682841a6528e42d0
-
SHA1
754413d33dcbd38a6f1175c38aea1f1925c7a78c
-
SHA256
fa1650568608e8badd080972738ca149bd82833d4957d681e642323d3c8850c6
-
SHA512
027cca552ce668f8fb822243cae4242e6288691a34193afba50fae96d553538e81abf9f682c4a3cc23b5eabc79723c87b00d560148c590f6aec5fedc2a538c02
-
SSDEEP
98304:uNO3yy04ogde7ep0A2AdPyQGNgd0+V4CCH3iZ/qkVniougG1w:4OA8mA0A2AFyQ3d0+aD4qkVni5w
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1