General
-
Target
bb2b0dccf9b800b81e64aabc8cf73ab72e4dd5412395fb01386e4295fc748577
-
Size
4.2MB
-
Sample
240419-x4seaadc57
-
MD5
4e5a9dbf1071bad4a09a7ae6eb19101b
-
SHA1
f1e37abee4fc5f90884bea594216aee813b51232
-
SHA256
bb2b0dccf9b800b81e64aabc8cf73ab72e4dd5412395fb01386e4295fc748577
-
SHA512
78f64539575b989a1ca21c6ce9b010d997f8f53846f4c09f1a11d98c5053717704d961e5e0da28daf43890517a10b572c3c885229148487ae2a2dd909c4c2c1d
-
SSDEEP
98304:TtwUIgr6Tu/hivXD0fl0IvZVjhgp1+mYFjvUcmYnimsjZaHe4:Rw6rquKXDtU1Y2GYniVjUH1
Static task
static1
Behavioral task
behavioral1
Sample
bb2b0dccf9b800b81e64aabc8cf73ab72e4dd5412395fb01386e4295fc748577.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
bb2b0dccf9b800b81e64aabc8cf73ab72e4dd5412395fb01386e4295fc748577
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)