General
-
Target
b9df2710a2b71af9139373827354f14665fea10652871e6dacf8954e18322a7d
-
Size
4.2MB
-
Sample
240420-zjbbdahe49
-
MD5
8ec00d33cf600a6e0775180b2e0b6c0a
-
SHA1
ef12fe7f7484028c86592713ca67f0afe6ee2a94
-
SHA256
b9df2710a2b71af9139373827354f14665fea10652871e6dacf8954e18322a7d
-
SHA512
e160c75a21bb0794f881884e8543113659e7d2c23afb36e5c91b09209b0a1bfefae80491ef15eea588667a16611309ea5cdeb6a65dcd22e087031a38bf9b6ba7
-
SSDEEP
98304:bVFRqPMdPA984H0WMAw6acMgLNchhd+W2lPIIo31xn1vrLR/3LzT:hFYkS+E0uawLNQ+/9Bo7/D
Static task
static1
Behavioral task
behavioral1
Sample
b9df2710a2b71af9139373827354f14665fea10652871e6dacf8954e18322a7d.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)