General
-
Target
3408b564ef8a141be8b665645f0eb58e3de8acb8d221c70b82936222f376d9d3
-
Size
4.2MB
-
Sample
240419-x35m8adc48
-
MD5
7259a8faf0ebdc840803df9282ee426c
-
SHA1
bd6353cc66c7937a43d2621ecbd0a4152d1bd01b
-
SHA256
3408b564ef8a141be8b665645f0eb58e3de8acb8d221c70b82936222f376d9d3
-
SHA512
4cdf9deb0680fd64a8dc49bec67d759d5f16c50161757e5359cfc734634a55a09789919ff88239f05667120f5210c3abe9cf6555ff22510f6141367a37b26bbb
-
SSDEEP
98304:rtwUIgr6Tu/hivXD0fl0IvZVjhgp1+mYFjvUcmYnimsjZaHei:5w6rquKXDtU1Y2GYniVjUH7
Static task
static1
Behavioral task
behavioral1
Sample
3408b564ef8a141be8b665645f0eb58e3de8acb8d221c70b82936222f376d9d3.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
3408b564ef8a141be8b665645f0eb58e3de8acb8d221c70b82936222f376d9d3
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1