General
-
Target
04bc76b2c46cd689c8a2f25174b0ba13183cd0781a0de540aec07fb1015a15c9
-
Size
4.1MB
-
Sample
240421-nhgwzshg76
-
MD5
837c28aa48c8750ea2bcba55c97219d0
-
SHA1
282382960da0f7c39da54a5cc8681caa4d180002
-
SHA256
04bc76b2c46cd689c8a2f25174b0ba13183cd0781a0de540aec07fb1015a15c9
-
SHA512
4087b3b4d47817e7335068ad23e61ec68b994e47d2a2e27c8da2748eb0cda52e33b4e77dc54b03ce416ee2705e4fb61e4af0a42a2bf9528d9e4c7f70ce06979c
-
SSDEEP
98304:ab4JZ188yFg2NHKKQqaBHENhLOMTEbJ8tA7UUJu481DBG9:JBdQ1naH+hM1NF8W9
Static task
static1
Behavioral task
behavioral1
Sample
04bc76b2c46cd689c8a2f25174b0ba13183cd0781a0de540aec07fb1015a15c9.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1