General
-
Target
a07f8fcb935ff93a13e07c74f2705683d93fa71d7f7e494cb210225ac1eb8dc8
-
Size
4.2MB
-
Sample
240419-rebgksfb6w
-
MD5
8f9e24d6ed40f77f07b4a63ecb0e36ba
-
SHA1
5d064315446c9e2e805ba0019a1895ab5c17cd83
-
SHA256
a07f8fcb935ff93a13e07c74f2705683d93fa71d7f7e494cb210225ac1eb8dc8
-
SHA512
bfb0441f116d71825c91f87120c668306fc321c948d9b817fa65b5339b0339b0eaf01130e3484bd6439a36033bcba53c9fd7693f95a9c8c84916a10948eee536
-
SSDEEP
98304:Lu15A1GiNRFuKfVvdEh8/k6ld6teGU//blllQO5EUt0+BFZRUpdVYI:LaARFuKJWhQkavn//blllQdNaFDGXb
Static task
static1
Behavioral task
behavioral1
Sample
a07f8fcb935ff93a13e07c74f2705683d93fa71d7f7e494cb210225ac1eb8dc8.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
a07f8fcb935ff93a13e07c74f2705683d93fa71d7f7e494cb210225ac1eb8dc8
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)