General
-
Target
c9b81eb1ed1bb3d0b3c8ff4bb3c91bbbe84c810b926ca25ac63da394a4aa56d9
-
Size
4.1MB
-
Sample
240421-jxzm5afa6y
-
MD5
23856c8ea6ac0ce1b2f983295e1d45c3
-
SHA1
a5302373c7552092f3ceabfe744e6f808d7b1e00
-
SHA256
c9b81eb1ed1bb3d0b3c8ff4bb3c91bbbe84c810b926ca25ac63da394a4aa56d9
-
SHA512
2ab61a25e21d9feb815aa09d04988a2f50eba1abcdd7defc4fac2117978e16a5ff3158b8ea76b67b154d4c8927d9aad721b8f051c01871c735926062712e7fda
-
SSDEEP
98304:D4qWg+YQzLmftPjRs7JtBhUiZv1ggcXutB8ev+3Whzrj:TWg+YEmQ7rBhUiZtgg2AB8elhzrj
Static task
static1
Behavioral task
behavioral1
Sample
c9b81eb1ed1bb3d0b3c8ff4bb3c91bbbe84c810b926ca25ac63da394a4aa56d9.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1