General
Target: e76b0d442257b858b6fa9cf9359aee81baffd2e3caa64f00b62a3eefda826167
Size: 4.1MB
Sample: 240519-gcwpmacg9x
MD5: 13c93e83e0c88b132e67fb0a2785cb36
SHA1: dbd0ba5e97752a2be3f4c4a0ddbb446d5bc4476f
SHA256: e76b0d442257b858b6fa9cf9359aee81baffd2e3caa64f00b62a3eefda826167
SHA512: e26588221f737aa86b5c946cc658add9645fa819b733baf9fd2a8296051dbdcb0a43b82bd92a4b0ec0a6b33b6ed1889d51a00b1db8e3691020e78d9c41ecfd98
SSDEEP: 98304:kWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+YZ:kW16ulMesXlnBp/sjruCqmtIOvaq
Static task: static1
Behavioral task: behavioral1
Sample: e76b0d442257b858b6fa9cf9359aee81baffd2e3caa64f00b62a3eefda826167.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: e76b0d442257b858b6fa9cf9359aee81baffd2e3caa64f00b62a3eefda826167
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)