General
-
Target
beb2741671d9affaf12c8b7be77479b4b4bb22b523b5435658b2d050af087e83
-
Size
4.2MB
-
Sample
240419-bgn8fscb22
-
MD5
dda7f8df8d3b436be2e1f5e06044e8ee
-
SHA1
5d4ca4e1f30b8bd73e21f473617d1ecb2f269fe4
-
SHA256
beb2741671d9affaf12c8b7be77479b4b4bb22b523b5435658b2d050af087e83
-
SHA512
d0fd6e1a535828a03a9b9a0d665ab3f79292689dd43ecd9fe5a83701ca29b8e701a0aa76eb2760d343873ee674a065ab9ff71b8b18b2fcff260537ab9ca2ab9d
-
SSDEEP
98304:KeU9Bh0ZpWG7460rhxj0FMVy+9LgCbGoD1OyJCOsGUxDW88A2xBQ0y:K9j0jWE+llaMVy+90CpOuCOqDWtA2xBO
Static task
static1
Behavioral task
behavioral1
Sample
beb2741671d9affaf12c8b7be77479b4b4bb22b523b5435658b2d050af087e83.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder
Create or Modify System Process
Windows Service
Scheduled Task/Job
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder
Create or Modify System Process
Windows Service
Scheduled Task/Job