General
Target: c489ceb1beb400232c6dbf04a40aa2a437c3670a04122f86e5e0486cf90a10d1
Size: 4.2MB
Sample: 240419-hv324abe47
MD5: b764fe34c29225bd5a310fe4a77eec31
SHA1: 20feb31705a26fbcec37aae2a274c2987699c6e4
SHA256: c489ceb1beb400232c6dbf04a40aa2a437c3670a04122f86e5e0486cf90a10d1
SHA512: 713d39e49031c575897ecd7ac3bbdea1bb9b7714207036319ce3cf1a3b5975dab7bbc7fd5390e5ea208dbfd99b9718046e18144e94d728b57fb560dec8c0cea4
SSDEEP: 98304:XNkDk7Y2e9fhWY+LbgLFpBVAayCN/CB0J4dlv7S/k29jp/4+:+k7LeNhW/+FpBVAa19Ce4dlv7wZ4+
Static task: static1
Behavioral task: behavioral1
Sample: c489ceb1beb400232c6dbf04a40aa2a437c3670a04122f86e5e0486cf90a10d1.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1