General
-
Target
980c306f983d285e13ea544d5e00c3fa00884ccb9f80ddc60c3ebc90485f7f81
-
Size
4.2MB
-
Sample
240420-j6m1pacc96
-
MD5
62976fcb3e6f8885c8ef5b24a7d827d4
-
SHA1
6a6b70281168a3217b6d6091c762217c42c2f062
-
SHA256
980c306f983d285e13ea544d5e00c3fa00884ccb9f80ddc60c3ebc90485f7f81
-
SHA512
379557664212ebdf2eeddb95390dacce522c602d923f881196d5dd2c0b1c82f29431b64ae41cc3869576006625efc1017a670a840db6387d741f0ca1fc599760
-
SSDEEP
98304:yS8Tc81AzKVcNOUNHF6RiNP154spKvDdhObEo7QvVY0ryRAf1Tp7ORg:jEcJzF4UNHqA/dsmoVS4YAf19v
Static task
static1
Behavioral task
behavioral1
Sample
980c306f983d285e13ea544d5e00c3fa00884ccb9f80ddc60c3ebc90485f7f81.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
980c306f983d285e13ea544d5e00c3fa00884ccb9f80ddc60c3ebc90485f7f81
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1