General
-
Target
33080a9b54002ba4b4f349d0cbfad0516750958c29bfb60d8c88d309dd6147b0
-
Size
4.1MB
-
Sample
240421-j3p1wafb6y
-
MD5
234e01f6707aefa4d8a4d5cb6ffa4788
-
SHA1
8c2c31b86b10bb42cd3ac70178e8e2e727244467
-
SHA256
33080a9b54002ba4b4f349d0cbfad0516750958c29bfb60d8c88d309dd6147b0
-
SHA512
bec204b5b12781ac2e86ed0b7459cf0436324b726d28ef0ea90ed08f7e6a874b727a0ef876f8de1de1e38915dcc335a17eda4b5877a8ae5fcec6aba258ad547d
-
SSDEEP
98304:D4qWg+YQzLmftPjRs7JtBhUiZv1ggcXutB8ev+3Whzrl:TWg+YEmQ7rBhUiZtgg2AB8elhzrl
Static task
static1
Behavioral task
behavioral1
Sample
33080a9b54002ba4b4f349d0cbfad0516750958c29bfb60d8c88d309dd6147b0.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1