General
Target: 77b6b2763da9a1a9cf0f5b6a8a8c6b7d0224c32ac1b47cdf990851048e97b9fc
Size: 4.2MB
Sample: 240417-sp11nafb6s
MD5: 5357755ed41b382ca0386264a806d192
SHA1: f4dbf8950430ddc9b3168aeab29d5108e754af52
SHA256: 77b6b2763da9a1a9cf0f5b6a8a8c6b7d0224c32ac1b47cdf990851048e97b9fc
SHA512: 10b0530069250cbb1bc02b48a2bcdb4f997033c009b49e837a8995c138d62e9dfe18cefe53723fb073516668c78c3b33b3b4efe771b92776319bd445241436be
SSDEEP: 98304:8woxqRNHtYTbrnnqfLVkrWMdzx639PKF8Qx/:HXR9tYTb7qxEbNx6NSx/
Static task: static1
Behavioral task: behavioral1
Sample: 77b6b2763da9a1a9cf0f5b6a8a8c6b7d0224c32ac1b47cdf990851048e97b9fc.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: 77b6b2763da9a1a9cf0f5b6a8a8c6b7d0224c32ac1b47cdf990851048e97b9fc
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)