General
Target: 25dbeef08f038c9cfec26195ebe2a762d0f5bb0625d53e8dfa7283ead9e71aa2
Size: 4.1MB
Sample: 240421-qbm6jacd9z
MD5: 2d075e4be9e93a93169625a674513be0
SHA1: 4d00218e067be5a6345b2b4e47ffb5586cbf8c45
SHA256: 25dbeef08f038c9cfec26195ebe2a762d0f5bb0625d53e8dfa7283ead9e71aa2
SHA512: ac2681c303f9145749c902ca36a1f2b6d299b591cd68970d33a883a43d79d9bac5d881c6e84b18117bcf4510cf20f95a9a3a708430155a99bb9efab8d973dfb0
SSDEEP: 98304:oupp3WUkLaIVxVQ5Lfi8+DAGSBgUwbhlmIRT0sLJ5D:l24wrgi8oddlbJ
Static task: static1
Behavioral task: behavioral1
Sample: 25dbeef08f038c9cfec26195ebe2a762d0f5bb0625d53e8dfa7283ead9e71aa2.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1