General
-
Target
411b3b01d42c95d1d726c603d15df14a0e1c7d2fe5b3d6876296620442621238
-
Size
4.1MB
-
Sample
240519-kwt7pabc3w
-
MD5
6c483ee8a3efdf90eda75ef0f70ccc2b
-
SHA1
18e628bef94b720ad0160d1f1f67cc48641bb60b
-
SHA256
411b3b01d42c95d1d726c603d15df14a0e1c7d2fe5b3d6876296620442621238
-
SHA512
c45a4da2821ec04fe751d11f7c8a2926cf66a6db2fa30600a5d1e7ecc0ed62e0f0bf6c3811f13cecef0cc0568ccd909b068a28cf5bc0053fdef17ff2bb00fb5f
-
SSDEEP
98304:AvCQaDBnSWO/B+XxjapSyZlG1PnsYHdaWgIg92gsnC3bzMZh6P1w:AvC3DFSWO/BjYGk1PnXHoWWZ1za6Nw
Static task
static1
Behavioral task
behavioral1
Sample
411b3b01d42c95d1d726c603d15df14a0e1c7d2fe5b3d6876296620442621238.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
411b3b01d42c95d1d726c603d15df14a0e1c7d2fe5b3d6876296620442621238
-
Size
4.1MB
-
MD5
6c483ee8a3efdf90eda75ef0f70ccc2b
-
SHA1
18e628bef94b720ad0160d1f1f67cc48641bb60b
-
SHA256
411b3b01d42c95d1d726c603d15df14a0e1c7d2fe5b3d6876296620442621238
-
SHA512
c45a4da2821ec04fe751d11f7c8a2926cf66a6db2fa30600a5d1e7ecc0ed62e0f0bf6c3811f13cecef0cc0568ccd909b068a28cf5bc0053fdef17ff2bb00fb5f
-
SSDEEP
98304:AvCQaDBnSWO/B+XxjapSyZlG1PnsYHdaWgIg92gsnC3bzMZh6P1w:AvC3DFSWO/BjYGk1PnXHoWWZ1za6Nw
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1