General
Target: f3bdbee6bfde820276d5dc2e9cfb24564137ab0697cbcf6e9073ca98af5a225c
Size: 4.2MB
Sample: 240419-hv1xqsbe44
MD5: 320abca5c3ab3ee0a5142fc9583cffdd
SHA1: 16430a912780d515b65a1ce2670474a8f490f6fd
SHA256: f3bdbee6bfde820276d5dc2e9cfb24564137ab0697cbcf6e9073ca98af5a225c
SHA512: 9afe4c03c6fd287013524839281f067355fe1dfe6c51f36640b177c2112572a9dd86a07208d1497e6899c816cef2f67fe7cfbb0c78517be2c8e2d6bf75f93e48
SSDEEP: 98304:PNkDk7Y2e9fhWY+LbgLFpBVAayCN/CB0J4dlv7S/k29jp/4E:Wk7LeNhW/+FpBVAa19Ce4dlv7wZ4E
Static task: static1
Behavioral task: behavioral1
Sample: f3bdbee6bfde820276d5dc2e9cfb24564137ab0697cbcf6e9073ca98af5a225c.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: f3bdbee6bfde820276d5dc2e9cfb24564137ab0697cbcf6e9073ca98af5a225c
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)