General
Target: 28b1010cbd9400550c0c72bcb521d4a814b1a05699982c7ab46383fd659e505d
Size: 4.2MB
Sample: 240419-bf6fcaca77
MD5: dd2139dced2c570b97ce909285d1fda9
SHA1: 542a77752f83dffe076091d600711f20b63de5f5
SHA256: 28b1010cbd9400550c0c72bcb521d4a814b1a05699982c7ab46383fd659e505d
SHA512: 8919c5e3e47031f9a740eb5be5f85d3950151bc18eeb905cff11cbc5655856357948a2a814305254dd7bc3d84fb28f8c7f1bf0a8df7edab3317e5b1b78e6c20d
SSDEEP: 98304:KeU9Bh0ZpWG7460rhxj0FMVy+9LgCbGoD1OyJCOsGUxDW88A2xBQ0b:K9j0jWE+llaMVy+90CpOuCOqDWtA2xB/
Static task: static1
Behavioral task: behavioral1
Sample: 28b1010cbd9400550c0c72bcb521d4a814b1a05699982c7ab46383fd659e505d.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)