General
-
Target
9a06f3ce468f5b672a4bd901a4fe3c042ee7ecb64efe32793e3dd03626d1e7a9
-
Size
4.2MB
-
Sample
240420-zpal2ahf83
-
MD5
80df3dfe061cc8643c3028c9d9ebcda8
-
SHA1
070fbaa876f3921e3046969f93464ece33940fb6
-
SHA256
9a06f3ce468f5b672a4bd901a4fe3c042ee7ecb64efe32793e3dd03626d1e7a9
-
SHA512
1c4b3f81446dc6687703a036d751e51cc324f59902b73932e1b9eac4958da3186ddbda799bf62311b06e1eb599082849b2b9137044b2ea48f29399ae0762c53f
-
SSDEEP
98304:jVFRqPMdPA984H0WMAw6acMgLNchhd+W2lPIIo31xn1vrLR/3Lzs:ZFYkS+E0uawLNQ+/9Bo7/c
Static task
static1
Behavioral task
behavioral1
Sample
9a06f3ce468f5b672a4bd901a4fe3c042ee7ecb64efe32793e3dd03626d1e7a9.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
9a06f3ce468f5b672a4bd901a4fe3c042ee7ecb64efe32793e3dd03626d1e7a9.exe
Resource
win11-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1