General
Target: 9fa45bbe1b4cd25678f3f1dbccc3d0d3136846db3c1c31f86edb08d53107733b
Size: 4.2MB
Sample: 240419-tbrqhagd25
MD5: 80dcd002613d02cf485e511aa3cff427
SHA1: dc10c38af729c9b18b5840a149c28e65fe8f49bf
SHA256: 9fa45bbe1b4cd25678f3f1dbccc3d0d3136846db3c1c31f86edb08d53107733b
SHA512: 7fb5cd2886932cab4cf764bed7d3de6feabc434faf90a7d2e28dafb5e1034b546ddf7ba8a1998c7265eacb8b3d6d7ac02a4fe8ce038e3c1333d89337ae5388f1
SSDEEP: 98304:XoZCtMNcIJm/Wi5iI7vKblq/qDx6472PxO1xv/KiJe/:X3OuIEug7vwUGt7S+nKp
Static task: static1
Behavioral task: behavioral1
  Sample: 9fa45bbe1b4cd25678f3f1dbccc3d0d3136846db3c1c31f86edb08d53107733b.exe
  Resource: win10v2004-20240412-en
Malware Config
Targets
-
-
Target
9fa45bbe1b4cd25678f3f1dbccc3d0d3136846db3c1c31f86edb08d53107733b
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)