General
-
Target
733b48d4ab3d9b8e238e8754be55f8f65c8828ccb89f8036ca4fa6d9c365c1e1
-
Size
4.2MB
-
Sample
240419-be8t3sca37
-
MD5
a133d81d522c002d67e1e3bda08c7c5b
-
SHA1
1ccfad9ac193b263dec99701d9743103daf5cc0e
-
SHA256
733b48d4ab3d9b8e238e8754be55f8f65c8828ccb89f8036ca4fa6d9c365c1e1
-
SHA512
29ecb8db53d28fd12b70366c0b0f59576efb1ec2828470b73432b79af561d11a342e7a51be846e123116ffd7a15b8da1f99e17c342b3e06a0a2407950f0f4138
-
SSDEEP
98304:6eU9Bh0ZpWG7460rhxj0FMVy+9LgCbGoD1OyJCOsGUxDW88A2xBQ0w:a9j0jWE+llaMVy+90CpOuCOqDWtA2xBE
Static task
static1
Behavioral task
behavioral1
Sample
733b48d4ab3d9b8e238e8754be55f8f65c8828ccb89f8036ca4fa6d9c365c1e1.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)