General
Target: b88bcd7305546699509a6e0e2c2e522c73941d2e3d489b8dbd1c621e03a09b97
Size: 4.2MB
Sample: 240420-tl44ksch2s
MD5: e9ae570c5cc42d6394592ff8a0b97b82
SHA1: e6298d1c724eb1acd8d3fbfe0bba4a85dc9fc71a
SHA256: b88bcd7305546699509a6e0e2c2e522c73941d2e3d489b8dbd1c621e03a09b97
SHA512: 501c5af7258779b4e05bccce2a123c137b36a97e771a938429506b95829c46f9bde09b68f9440a2f00a3e789e02a1115c7a37a91e42e5f0eff6868acb29f5949
SSDEEP: 49152:Ar1oHj0tlV0f9s8MWzX04BUpcYbKwdRAyQZQ93cNVdRbmMzimZc5ZnjMAqqwRi8o:ABcwtA9b44emOBqNRUORBLE4Ajz7
Static task: static1
Behavioral task: behavioral1
Sample: b88bcd7305546699509a6e0e2c2e522c73941d2e3d489b8dbd1c621e03a09b97.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
    Create or Modify System Process (1)
        Windows Service (1)
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)
    Scheduled Task/Job (1)
Privilege Escalation
    Create or Modify System Process (1)
        Windows Service (1)
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)
    Scheduled Task/Job (1)