General
Target: 9ce41f1c87a25cb233bc2be809aa568c46eed6d770c5a0f9fa07d6617b624b04
Size: 4.1MB
Sample: 240517-feqeyshh7v
MD5: cc5e1a2bfe21b0deb91a8d4dd06e09dd
SHA1: 72fcbc48446d2cc9dd3a5554f3852ba1600f2ae6
SHA256: 9ce41f1c87a25cb233bc2be809aa568c46eed6d770c5a0f9fa07d6617b624b04
SHA512: c7dcac574d402b95dd439244ba5d36453bf25e501bbfe2da9c48dc37a7f58c04a21a7cd287eb5413bf08f86e532b43ff31643f3dedcf81cb79069b29aefa392a
SSDEEP: 98304:mNO3yy04ogde7ep0A2AdPyQGNgd0+V4CCH3iZ/qkVniougG1T:AOA8mA0A2AFyQ3d0+aD4qkVni5T
Static task: static1
Behavioral task: behavioral1
Sample: 9ce41f1c87a25cb233bc2be809aa568c46eed6d770c5a0f9fa07d6617b624b04.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)