General
-
Target
302770c5aa78e2bb3a35e5cec3267a448b940b50d7d6d55bddc834c26549a8c1
-
Size
4.2MB
-
Sample
240417-skbj7sde34
-
MD5
83407feb13683370d4e853622f636e81
-
SHA1
ccb9042541180f3cc30f4440eb60112b96d08c72
-
SHA256
302770c5aa78e2bb3a35e5cec3267a448b940b50d7d6d55bddc834c26549a8c1
-
SHA512
16341eb63084b03d158e8546d15d190455392c1a7a9d1dc4c719942029bfcd0da81536349c5de4484f6b9f0e89737ce6e3f1254992578268e053219a6cbf0d06
-
SSDEEP
49152:LMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPix:IHFCy0PUDbdaR/a+iGqhn/GsxbuoAx
Static task
static1
Behavioral task
behavioral1
Sample
302770c5aa78e2bb3a35e5cec3267a448b940b50d7d6d55bddc834c26549a8c1.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
  Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
  Windows Service: 1
Scheduled Task/Job: 1