General
-
Target
46af2657db6af2ca1d034de8ef495598cb3ae04b699e18d12e1a86068007be35
-
Size
4.2MB
-
Sample
240417-smrn7sdf29
-
MD5
cb9218378fdf4bcc04ac80684a944b6a
-
SHA1
104e20155585e426ab6d018fcfa635426fa7e8cf
-
SHA256
46af2657db6af2ca1d034de8ef495598cb3ae04b699e18d12e1a86068007be35
-
SHA512
42370a06df8dd54b68d7ab35d2d0af78b18e5fbcd153db3675c30d2777f6a87b6a2a3a0bf302fc5230c557f3edc502b77ac60bdf12be034aaeb42ffee9161d27
-
SSDEEP
49152:rMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPiE:oHFCy0PUDbdaR/a+iGqhn/GsxbuoAE
Static task
static1
Behavioral task
behavioral1
Sample
46af2657db6af2ca1d034de8ef495598cb3ae04b699e18d12e1a86068007be35.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
46af2657db6af2ca1d034de8ef495598cb3ae04b699e18d12e1a86068007be35
-
Size
4.2MB
-
MD5
cb9218378fdf4bcc04ac80684a944b6a
-
SHA1
104e20155585e426ab6d018fcfa635426fa7e8cf
-
SHA256
46af2657db6af2ca1d034de8ef495598cb3ae04b699e18d12e1a86068007be35
-
SHA512
42370a06df8dd54b68d7ab35d2d0af78b18e5fbcd153db3675c30d2777f6a87b6a2a3a0bf302fc5230c557f3edc502b77ac60bdf12be034aaeb42ffee9161d27
-
SSDEEP
49152:rMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPiE:oHFCy0PUDbdaR/a+iGqhn/GsxbuoAE
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1