General
-
Target
15bbf04148565d2dbf7bb81a902101399ac1f20edda7ae77213a8b97f5615b98
-
Size
4.2MB
-
Sample
240420-z8kaksac48
-
MD5
c03d5b59011cda23e1ec9775a6c18ff3
-
SHA1
5aca29ecc8b7e6bbfee886d648b6e07d6bab6869
-
SHA256
15bbf04148565d2dbf7bb81a902101399ac1f20edda7ae77213a8b97f5615b98
-
SHA512
0439ecba33ccfb05ada25f37e43c8007e9887baf426b2389aa44a8330aaa2e696339d9fd0084f3f694c88dc7726ef1f2c872344309d604a876052e71c9c24d36
-
SSDEEP
98304:qB6TE4JDSTIitXqfSjBwF+v4rSSNjcdSqGUwT7RQU7Op:3TFmTI8qKjKFA4r+dAh7RQUM
Static task
static1
Behavioral task
behavioral1
Sample
15bbf04148565d2dbf7bb81a902101399ac1f20edda7ae77213a8b97f5615b98.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
15bbf04148565d2dbf7bb81a902101399ac1f20edda7ae77213a8b97f5615b98
-
Size
4.2MB
-
MD5
c03d5b59011cda23e1ec9775a6c18ff3
-
SHA1
5aca29ecc8b7e6bbfee886d648b6e07d6bab6869
-
SHA256
15bbf04148565d2dbf7bb81a902101399ac1f20edda7ae77213a8b97f5615b98
-
SHA512
0439ecba33ccfb05ada25f37e43c8007e9887baf426b2389aa44a8330aaa2e696339d9fd0084f3f694c88dc7726ef1f2c872344309d604a876052e71c9c24d36
-
SSDEEP
98304:qB6TE4JDSTIitXqfSjBwF+v4rSSNjcdSqGUwT7RQU7Op:3TFmTI8qKjKFA4r+dAh7RQUM
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1