General
Target: 42cc21fb745138e07953e3b76a898a4004552e45b95818dc6faaadfa8a30c956
Size: 4.1MB
Sample: 240517-ptasgshd8s
MD5: 990ea27474dc5fcaa993b566a886afe8
SHA1: ceb2d447a78335fc8adbf44bdce8b77192a64a5c
SHA256: 42cc21fb745138e07953e3b76a898a4004552e45b95818dc6faaadfa8a30c956
SHA512: bc6c6a027cb4869a536e8691f549d0ab0540b79d20477f05dd7bc2a9c8a6673e6fda836b73e71addb53bfd0f9d303d2b3c03ece5eaf4db69798700958e4bf696
SSDEEP: 98304:Md7tSzSG1TEQyj2soCVZzfOSLUhtCaFAX/iUIATxmmpvA2aCdQuFREnErz:ORMSLQaVNfPUP9FaqUIATxXaCdFFREn6
Static task: static1
Behavioral task: behavioral1
Sample: 42cc21fb745138e07953e3b76a898a4004552e45b95818dc6faaadfa8a30c956.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)