General
-
Target
960ba0887cf5903bfc5d17e74447a1ddf4d65d7f0737e7152831893f9cf087b9
-
Size
4.2MB
-
Sample
240420-z8xwnsah2w
-
MD5
e30504e89f111a4003523547709abd18
-
SHA1
a7fbeeff802197a2544026e2718c8f7c211cfa01
-
SHA256
960ba0887cf5903bfc5d17e74447a1ddf4d65d7f0737e7152831893f9cf087b9
-
SHA512
30e3adf560fc74ef8b86c923c298223f146a601b60fec02071735f29d4ca7cb1ed51a44132bc664baf7e17edba0a9ce0a9291aa56ae11d3c7d40ded75344cf88
-
SSDEEP
98304:6B6TE4JDSTIitXqfSjBwF+v4rSSNjcdSqGUwT7RQU7O2:HTFmTI8qKjKFA4r+dAh7RQUf
Static task
static1
Behavioral task
behavioral1
Sample
960ba0887cf5903bfc5d17e74447a1ddf4d65d7f0737e7152831893f9cf087b9.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
960ba0887cf5903bfc5d17e74447a1ddf4d65d7f0737e7152831893f9cf087b9
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)