General
-
Target
8faf805ee985ec1c1f9433fee7e2a4827d64a5b19327d4e7710f31d259637f24
-
Size
4.2MB
-
Sample
240419-2nt1dshe33
-
MD5
b413116e9122e54828de168502cf3316
-
SHA1
75b3d573fa4ffaed32d1aeaa548b9db874ccf277
-
SHA256
8faf805ee985ec1c1f9433fee7e2a4827d64a5b19327d4e7710f31d259637f24
-
SHA512
f6bc90690e144c0c2bc951d64bbc16c653d50cd7c3f939849c992aa176ed27e6b6f651388a7cebedf5bdb0ff150023b2ba5f89768ecacf7dfe76448538e15004
-
SSDEEP
98304:v/40EOOAEftLoGWLNDgTXMgGOTrFzBqlMJaGItfGo:ndVQtLoTZDg5GO9Bqlcg
Static task
static1
Behavioral task
behavioral1
Sample
8faf805ee985ec1c1f9433fee7e2a4827d64a5b19327d4e7710f31d259637f24.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
8faf805ee985ec1c1f9433fee7e2a4827d64a5b19327d4e7710f31d259637f24
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)