General
-
Target
831336c61a34f8a71530c2aba43253646922ea840c018e83c1e3b6f70d1d7a07
-
Size
4.1MB
-
Sample
240519-rde4dabb26
-
MD5
245441f290f9315d150f6ce2090dd30f
-
SHA1
46bdef0eee88dca718b7efe92d9a38bbb6893b65
-
SHA256
831336c61a34f8a71530c2aba43253646922ea840c018e83c1e3b6f70d1d7a07
-
SHA512
2fd750a088c637cca7317a6014fe875a6e66f10e15878195c0b13383038a16a07f8d1b78bfb48122982484f31870f1480ffd967c824610b6fcc74521e38ac040
-
SSDEEP
98304:IuOdAWE/bfbxbxBimum48oJjLrUZhWcgWy75MTps2CObMUZCzBS/:IuOpIddBi3V8Ojm7gWylM939Cm
Static task
static1
Behavioral task
behavioral1
Sample
831336c61a34f8a71530c2aba43253646922ea840c018e83c1e3b6f70d1d7a07.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Blocklisted process makes network request
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)