General
Target
29952f2b6008a7eec87a4db1bc2accbcac48f7c43bf81ad7a1098c14c85b3f39
Size
4.2MB
Sample
240420-sh2zdabc25
MD5
bcbf7ed4c75703f6eff1d0a396e2683c
SHA1
4eea98e6f5537b1e5bc4d45cf68188ba0caeeb67
SHA256
29952f2b6008a7eec87a4db1bc2accbcac48f7c43bf81ad7a1098c14c85b3f39
SHA512
7b95c225e0d3c9ec3265c35ccfa758f9d05c30798a9635003249d507f15431fac8e01aa2250f40f3a3e8ff5e765d0d4b07bf5f6ec81a5cada917f9db16acdb70
SSDEEP
49152:hKOdvREmi8iTwPpeYBnAu4QJI7RESGN2UNQnUyHdr+bW0USBgrsqhT/DWSjgq2S2:IOLEfT6eYBhfhWV+b2vbWNq2SbuhRD
Static task
static1
Behavioral task
behavioral1
Sample
29952f2b6008a7eec87a4db1bc2accbcac48f7c43bf81ad7a1098c14c85b3f39.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Target
29952f2b6008a7eec87a4db1bc2accbcac48f7c43bf81ad7a1098c14c85b3f39
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1