General
Target: b0adfc2aed107501c7f1d4774544ae904c967ff14bd0d8a5b1ce6e134842f7f3
Size: 4.2MB
Sample: 240420-sg2l8abb89
MD5: 30c8f5bdab3a3135659d907654da0e6b
SHA1: 6e912d641e525093bb4f7a7be2b156b4953837a0
SHA256: b0adfc2aed107501c7f1d4774544ae904c967ff14bd0d8a5b1ce6e134842f7f3
SHA512: 04593650f2bcd17763045b94b3d2cc78c94fc4c2c958a4fadc208fed83cf8388b4d239d85772ab079645300e471a21cd251f6baa93abd0cba062c122dc624075
SSDEEP: 49152:5KOdvREmi8iTwPpeYBnAu4QJI7RESGN2UNQnUyHdr+bW0USBgrsqhT/DWSjgq2SC:wOLEfT6eYBhfhWV+b2vbWNq2SbuhR7
Static task: static1
Behavioral task: behavioral1
Sample: b0adfc2aed107501c7f1d4774544ae904c967ff14bd0d8a5b1ce6e134842f7f3.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
  Windows Service: 1
  Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Create or Modify System Process: 1
  Windows Service: 1
  Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1