General
- Target: c80f34dcc7c1439b496d5bc0029f04bc5e16af4a1d87d14a0797da2094404efb
- Size: 4.1MB
- Sample: 240421-p6vcnacc8x
- MD5: 641c4f0c0832d5db7edfd312d1ea4866
- SHA1: ae2385ea5b5bd0c1522bab9fe2f40a07c7afc8f4
- SHA256: c80f34dcc7c1439b496d5bc0029f04bc5e16af4a1d87d14a0797da2094404efb
- SHA512: 8484210d67127f49ea2e89ff473a350aee949480acbd64108c90d0cf7896893956a8359c1dbe8bd87b4acb0eb511a87a3670a2a4e4636464336617cf16d42358
- SSDEEP: 98304:wupp3WUkLaIVxVQ5Lfi8+DAGSBgUwbhlmIRT0sLJ5J:t24wrgi8oddlbb

Static task
- static1

Behavioral task
- behavioral1
- Sample: c80f34dcc7c1439b496d5bc0029f04bc5e16af4a1d87d14a0797da2094404efb.exe
- Resource: win10v2004-20240412-en
Malware Config
Targets
- Target: c80f34dcc7c1439b496d5bc0029f04bc5e16af4a1d87d14a0797da2094404efb
Signatures
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)