General
-
Target
1ccd82eea69db23eee29d8c582b0d00fa446fb5c17d9f66ff1be975e386e0bd4
-
Size
4.1MB
-
Sample
240519-rc34taba92
-
MD5
020f8317a10199696c559739689f75dd
-
SHA1
d18e7ac271b5e303538314de2640455050c4954c
-
SHA256
1ccd82eea69db23eee29d8c582b0d00fa446fb5c17d9f66ff1be975e386e0bd4
-
SHA512
e582ff0c018ca32014c6928476d123155ce73636d4c192356fbc4d9deebbc99a85b40d54cb1dfe592ef5576210e32d9cbadf26331545a70f6b2c5acdb7d3e718
-
SSDEEP
98304:IuOdAWE/bfbxbxBimum48oJjLrUZhWcgWy75MTps2CObMUZCzBSh:IuOpIddBi3V8Ojm7gWylM939CM
Static task
static1
Behavioral task
behavioral1
Sample
1ccd82eea69db23eee29d8c582b0d00fa446fb5c17d9f66ff1be975e386e0bd4.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)