General
-
Target
ac81aadfb7f50cf59362d2074aa48e37cf27a67082c3cae9b55e5a4ba0280b54
-
Size
4.2MB
-
Sample
240420-tmtdgacc88
-
MD5
2bc5c6cc81f6690de6a255b60d979260
-
SHA1
0b95f0c7ea5fd7d183c90fdacf64789b57ae7d42
-
SHA256
ac81aadfb7f50cf59362d2074aa48e37cf27a67082c3cae9b55e5a4ba0280b54
-
SHA512
95dfcfce860c4ae8c72ad3df3434c61ff07943ff9f9c66ea669168e9cc90ac238e97e3ededda5eec5b0507a9cfaa9b52241c49287d8a3b7c6a444ff449b030d9
-
SSDEEP
49152:Ar1oHj0tlV0f9s8MWzX04BUpcYbKwdRAyQZQ93cNVdRbmMzimZc5ZnjMAqqwRi88:ABcwtA9b44emOBqNRUORBLE4AjzX
Static task
static1
Behavioral task
behavioral1
Sample
ac81aadfb7f50cf59362d2074aa48e37cf27a67082c3cae9b55e5a4ba0280b54.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)