General
-
Target
0c965a2d8dd9953f5241e79f8707361a3e1d49e0292c44006b99ac1a14e4139a
-
Size
4.2MB
-
Sample
240419-asz9esbc33
-
MD5
a1ba7703972b944f80457568e342ea46
-
SHA1
73ff7f896b756cc66eab3dd549e029408ae5b12b
-
SHA256
0c965a2d8dd9953f5241e79f8707361a3e1d49e0292c44006b99ac1a14e4139a
-
SHA512
ca9dae5cf0c7d129ec2412419703d5452496abaa94159b1bfff8c6749ce9de573eb04516e93d8d323ccd28e2ad9d33b89adc515395c08726603ffd8ac8ec61df
-
SSDEEP
98304:+bvDuo/zvoC5HERRwr8YNEXJ0TS4JBXxT3BRfe7gLCxccCwfp3PGPzDBAeGjYAe:+nBoCproYNEXJ0O+Xpe7jrRPGnBARjfe
Static task
static1
Behavioral task
behavioral1
Sample
0c965a2d8dd9953f5241e79f8707361a3e1d49e0292c44006b99ac1a14e4139a.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)