General
-
Target
281bd4b64963ad7615f7550370a0a95c8c9d0e93edbed0eeb23745073575358d
-
Size
4.2MB
-
Sample
240417-267n7shb86
-
MD5
97cea45558647206b215ad033751d6ae
-
SHA1
ca36be9b42d7e88bf142e25d666170123ceebe6e
-
SHA256
281bd4b64963ad7615f7550370a0a95c8c9d0e93edbed0eeb23745073575358d
-
SHA512
94e09585dc18ad39e55ab4084162b8eca6eb5b94c7bd64e65597fe0e7edf77f9d512d6b4f8b571b80390f6ce9d0f8756fcda6c57de6dfe3b4f1d6aa6437b624d
-
SSDEEP
98304:Fuj+q6TJ4wJXu5ZJ1j+7xTB8ercClYoKJ32fC3NV26E3wqtOnXcGdwYxx1:4j+FTuwJ2ZmxTB8FOXbwqtOnFmYx1
Static task
static1
Behavioral task
behavioral1
Sample
281bd4b64963ad7615f7550370a0a95c8c9d0e93edbed0eeb23745073575358d.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
281bd4b64963ad7615f7550370a0a95c8c9d0e93edbed0eeb23745073575358d
-
Size
4.2MB
-
MD5
97cea45558647206b215ad033751d6ae
-
SHA1
ca36be9b42d7e88bf142e25d666170123ceebe6e
-
SHA256
281bd4b64963ad7615f7550370a0a95c8c9d0e93edbed0eeb23745073575358d
-
SHA512
94e09585dc18ad39e55ab4084162b8eca6eb5b94c7bd64e65597fe0e7edf77f9d512d6b4f8b571b80390f6ce9d0f8756fcda6c57de6dfe3b4f1d6aa6437b624d
-
SSDEEP
98304:Fuj+q6TJ4wJXu5ZJ1j+7xTB8ercClYoKJ32fC3NV26E3wqtOnXcGdwYxx1:4j+FTuwJ2ZmxTB8FOXbwqtOnFmYx1
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1