General
-
Target
9a7076cd8a7525f2c09f27d4bbf18f271de08e50ea7ff9803dab5087f4fef60c
-
Size
4.1MB
-
Sample
240517-qd3n1aac4y
-
MD5
404152452f49adaff5259a65028794d1
-
SHA1
bbb3bd703dc0e176ddde8ee2874029e89387a81d
-
SHA256
9a7076cd8a7525f2c09f27d4bbf18f271de08e50ea7ff9803dab5087f4fef60c
-
SHA512
63a8604171c5afa03f9eabf26f389f0a2d50962935911175831c5a060783ac563cb2f9aab0961f72e9b3126bc6f5f94aba93fd55da198fa54bd3b8c71b701f1d
-
SSDEEP
98304:/hzlfCz+ccJ0CpUiRHjJlGcG1klIkRd3fLKEvm:Jz9CiccJ0CpfGcGG1DfLI
Static task
static1
Behavioral task
behavioral1
Sample
9a7076cd8a7525f2c09f27d4bbf18f271de08e50ea7ff9803dab5087f4fef60c.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
9a7076cd8a7525f2c09f27d4bbf18f271de08e50ea7ff9803dab5087f4fef60c
-
Size
4.1MB
-
MD5
404152452f49adaff5259a65028794d1
-
SHA1
bbb3bd703dc0e176ddde8ee2874029e89387a81d
-
SHA256
9a7076cd8a7525f2c09f27d4bbf18f271de08e50ea7ff9803dab5087f4fef60c
-
SHA512
63a8604171c5afa03f9eabf26f389f0a2d50962935911175831c5a060783ac563cb2f9aab0961f72e9b3126bc6f5f94aba93fd55da198fa54bd3b8c71b701f1d
-
SSDEEP
98304:/hzlfCz+ccJ0CpUiRHjJlGcG1klIkRd3fLKEvm:Jz9CiccJ0CpfGcGG1DfLI
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1