General
Target
d7f964cfd25a379e65efe8354ff96bea7c313189c90661a1f5aaed6795e64184
Size
4.1MB
Sample
240519-gac5hacf9t
MD5
ba7e41c248ff54f89b1b633f5674460e
SHA1
82da9cb6853bde05962905babe7aeeb3d7d640d3
SHA256
d7f964cfd25a379e65efe8354ff96bea7c313189c90661a1f5aaed6795e64184
SHA512
f83c1c0c7859a340de9be6cc2ec06063c8250c0f4c1d7b120f8c1c08ac6e50ed72be013a39097216f435ec79c40016f520891f205011ef139ee7eaf04193931b
SSDEEP
98304:kWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+Yi:kW16ulMesXlnBp/sjruCqmtIOva1
Static task
static1
Behavioral task
behavioral1
Sample
d7f964cfd25a379e65efe8354ff96bea7c313189c90661a1f5aaed6795e64184.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1