General
-
Target
bd735fb40da8ebda13128b9e3b8e3048d7235b8150de04cc9e20d48a4e360014
-
Size
4.2MB
-
Sample
240419-hvxv3sbe38
-
MD5
a0455783057716ecd106cc4baa50fb59
-
SHA1
3eeafb5a2a3b82d757f1e995b9cf44c0bc15ffc4
-
SHA256
bd735fb40da8ebda13128b9e3b8e3048d7235b8150de04cc9e20d48a4e360014
-
SHA512
325ad4f8c4975e2277948968ae7d6751e2d17b98becb3d46b4b59ff8737cdef97d967f6149bdc94171eec99ccd6a3be7729c94a8e60314bc72aaabbb5918d219
-
SSDEEP
98304:PNkDk7Y2e9fhWY+LbgLFpBVAayCN/CB0J4dlv7S/k29jp/49:Wk7LeNhW/+FpBVAa19Ce4dlv7wZ49
Static task
static1
Behavioral task
behavioral1
Sample
bd735fb40da8ebda13128b9e3b8e3048d7235b8150de04cc9e20d48a4e360014.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
bd735fb40da8ebda13128b9e3b8e3048d7235b8150de04cc9e20d48a4e360014
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1