General
Target: ff3b0e72081c71743ef3863b05132631ca141fc38b96d04eed09074ae0a71716
Size: 4.2MB
Sample: 240417-skab5sde29
MD5: 5f77ab86dc3f8d2a9ba198b89b66ed52
SHA1: 650682eb46879757dba13c8e290ae9f775fb0801
SHA256: ff3b0e72081c71743ef3863b05132631ca141fc38b96d04eed09074ae0a71716
SHA512: 2c2d0f36c6c3d40d2a969b2da07c666a84a39d034067a0daccde1a2f527b7da7ef81e39892e6562d21ce778183a18542e3d706b14f9fc24ffc5472cf72e2bb97
SSDEEP: 49152:LMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPiZ:IHFCy0PUDbdaR/a+iGqhn/GsxbuoAZ
Static task: static1
Behavioral task: behavioral1
Sample: ff3b0e72081c71743ef3863b05132631ca141fc38b96d04eed09074ae0a71716.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1