General
-
Target
9f5b8aa266cfe1d3cda895fa3710e77e90982e33370ef78f57d3b40e301af389
-
Size
4.2MB
-
Sample
240419-x83qtadd73
-
MD5
9cc466c25987d9b6fb55e22f351f9608
-
SHA1
71cc0a724fca10d32cb9b54b38acf2d6733e1133
-
SHA256
9f5b8aa266cfe1d3cda895fa3710e77e90982e33370ef78f57d3b40e301af389
-
SHA512
6dd293f948f4678ed7e0a38c264f2e2ef768ef5b9c8f2f4b12625754549a6c93057c2f3a23b34a5d2c0a0a5f87f9eb1d0d752effb146499e5158397ae14dc6b6
-
SSDEEP
98304:btwUIgr6Tu/hivXD0fl0IvZVjhgp1+mYFjvUcmYnimsjZaHeL:Jw6rquKXDtU1Y2GYniVjUH+
Static task
static1
Behavioral task
behavioral1
Sample
9f5b8aa266cfe1d3cda895fa3710e77e90982e33370ef78f57d3b40e301af389.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)