General
-
Target
88b1d7531704948104ee0ea36d4443d02d36d96e8a4434c93081de0f123a58ab
-
Size
4.2MB
-
Sample
240419-arhmzscb9x
-
MD5
02cdd996089a264535ac9ec1d498991c
-
SHA1
7ba58a989c639fe86d591965f11b104c8ef2d388
-
SHA256
88b1d7531704948104ee0ea36d4443d02d36d96e8a4434c93081de0f123a58ab
-
SHA512
c87954ee12270726e658975b18e64e50886c0e253f30a9bf3ce7aa7aa2e4068cb57429f4021e32110297449511e7619e40fa2684eeec11d51d4b50fe1c5d27fe
-
SSDEEP
98304:ObvDuo/zvoC5HERRwr8YNEXJ0TS4JBXxT3BRfe7gLCxccCwfp3PGPzDBAeGjYAn:OnBoCproYNEXJ0O+Xpe7jrRPGnBARjfn
Static task
static1
Behavioral task
behavioral1
Sample
88b1d7531704948104ee0ea36d4443d02d36d96e8a4434c93081de0f123a58ab.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
88b1d7531704948104ee0ea36d4443d02d36d96e8a4434c93081de0f123a58ab
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1