General
-
Target
876e1f17c5f51de643c98f79a3dcf196adacc17ffbcd4e31a6bc04d2c3e2b8fc
-
Size
4.2MB
-
Sample
240419-benh5sbh97
-
MD5
d2493aba4559151d9874f7625df7a6a3
-
SHA1
518d5c94861912fd16da64b866ec8b963be2a1dd
-
SHA256
876e1f17c5f51de643c98f79a3dcf196adacc17ffbcd4e31a6bc04d2c3e2b8fc
-
SHA512
51fec8d165422664d623780f8486c6bda07661d0519432a5a22c3b714a4fe269ecfb514876494f8d51c7804eee66d1db2a03b65f6eb7717117dc284e46d8911a
-
SSDEEP
98304:KeU9Bh0ZpWG7460rhxj0FMVy+9LgCbGoD1OyJCOsGUxDW88A2xBQ0J:K9j0jWE+llaMVy+90CpOuCOqDWtA2xB1
Static task
static1
Behavioral task
behavioral1
Sample
876e1f17c5f51de643c98f79a3dcf196adacc17ffbcd4e31a6bc04d2c3e2b8fc.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder
Create or Modify System Process
Windows Service
Scheduled Task/Job
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder
Create or Modify System Process
Windows Service
Scheduled Task/Job