General
-
Target
2c01dd23a27aa6c17b946113f0fcacac8eae26c0d9dc964e1d142cb2d5219016
-
Size
4.1MB
-
Sample
240519-kw98xabc4w
-
MD5
881f0e1b55a24e9862e8be400b59f45f
-
SHA1
1d51b95c585db438f094fe1e850969d9dfb1ed29
-
SHA256
2c01dd23a27aa6c17b946113f0fcacac8eae26c0d9dc964e1d142cb2d5219016
-
SHA512
79157352c7993ea45a67399c5a6559d6ebd5f1503f22f91f7e67d91e275931d33d4a60b0d25b28e53c09c3b1bd08d1c2e7c9b8ef9465a8bb62068278c8dbcaca
-
SSDEEP
98304:QvCQaDBnSWO/B+XxjapSyZlG1PnsYHdaWgIg92gsnC3bzMZh6P1a:QvC3DFSWO/BjYGk1PnXHoWWZ1za6Na
Static task
static1
Behavioral task
behavioral1
Sample
2c01dd23a27aa6c17b946113f0fcacac8eae26c0d9dc964e1d142cb2d5219016.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1