General
-
Target
85d9fb85e3bd205c6b78ea6ef41a4bc6590d853012d75cae888c896b9cb71b92
-
Size
4.2MB
-
Sample
240417-s2nk4aeb88
-
MD5
cf03a9206556110032e9aec6987fbbaf
-
SHA1
33f74cdfbbfc007ee40383862887121ac04e9a0e
-
SHA256
85d9fb85e3bd205c6b78ea6ef41a4bc6590d853012d75cae888c896b9cb71b92
-
SHA512
80b06f249907a3014e5644a691a6c4ba6922e7179a8d8246b5e8f77367d34b4e798febbefe04deaee56aabf95fdebdc8831380f746ad8a5de45df68f84eca8d2
-
SSDEEP
98304:LLVbjn5QXbYqWv3ncm0WhzzpB76eQWY7QAi:LRxMbhu1zzpBZQWY7QAi
Static task
static1
Behavioral task
behavioral1
Sample
85d9fb85e3bd205c6b78ea6ef41a4bc6590d853012d75cae888c896b9cb71b92.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
85d9fb85e3bd205c6b78ea6ef41a4bc6590d853012d75cae888c896b9cb71b92
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)