General
-
Target
07270bab16055d1e81979513acc2b260396435be75c1ea83d068135d33fd1f89
-
Size
4.2MB
-
Sample
240417-p45evahe7v
-
MD5
76e60e94332cc2170e2671b684e5e9cd
-
SHA1
c6bb992ab018290e3fc87db58d6a86198e3c434d
-
SHA256
07270bab16055d1e81979513acc2b260396435be75c1ea83d068135d33fd1f89
-
SHA512
e2bb67ec1d9eb3a62ca77eb55acafd66103e05d85897a91a6938c732e629e40f1d2cf31e67684326ecb51c3e22d43237a9836f00454bd47634651016059ad58c
-
SSDEEP
98304:3wgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxbliJ:oPIhkJiF6OSCTez0RwjGiZkl6
Static task
static1
Behavioral task
behavioral1
Sample
07270bab16055d1e81979513acc2b260396435be75c1ea83d068135d33fd1f89.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
07270bab16055d1e81979513acc2b260396435be75c1ea83d068135d33fd1f89
-
Size
4.2MB
-
MD5
76e60e94332cc2170e2671b684e5e9cd
-
SHA1
c6bb992ab018290e3fc87db58d6a86198e3c434d
-
SHA256
07270bab16055d1e81979513acc2b260396435be75c1ea83d068135d33fd1f89
-
SHA512
e2bb67ec1d9eb3a62ca77eb55acafd66103e05d85897a91a6938c732e629e40f1d2cf31e67684326ecb51c3e22d43237a9836f00454bd47634651016059ad58c
-
SSDEEP
98304:3wgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxbliJ:oPIhkJiF6OSCTez0RwjGiZkl6
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1