General
Target: ebb99489b66b8d0a838adc0ac0cb13cf0641a4ba0618644311a26982692e938e
Size: 4.2MB
Sample: 240419-bbfdcsbg95
MD5: df93b9b1fb9fe310d16e573d47bc2d5a
SHA1: f3ce40f30135473ead9495cd91b607f0186611c7
SHA256: ebb99489b66b8d0a838adc0ac0cb13cf0641a4ba0618644311a26982692e938e
SHA512: 0179314c61f3a746c81d0b2e3fd6db46fda3d707d4452c2c319e8b25195d7adad05650967d406d6cf8e25e3a743a7b7f7949971d673d463df7d82e38f87c41c0
SSDEEP: 98304:KeU9Bh0ZpWG7460rhxj0FMVy+9LgCbGoD1OyJCOsGUxDW88A2xBQ03:K9j0jWE+llaMVy+90CpOuCOqDWtA2xBL
Static task: static1
Behavioral task: behavioral1
Sample: ebb99489b66b8d0a838adc0ac0cb13cf0641a4ba0618644311a26982692e938e.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: ebb99489b66b8d0a838adc0ac0cb13cf0641a4ba0618644311a26982692e938e
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)