General
-
Target
b5e973fc6207edbef535bca09380adf13a6611fa1b0473efa58696effa01d76f
-
Size
4.1MB
-
Sample
240421-y58nbsba42
-
MD5
7d46b67141d891c05dbefd9d1f656279
-
SHA1
06edbee65ce32087e5757ad71f904a6f6ca04673
-
SHA256
b5e973fc6207edbef535bca09380adf13a6611fa1b0473efa58696effa01d76f
-
SHA512
326d3eb59b7fd95400177e5463860b047f7b2a3ad7eaca5d37fec2ef2ee4c811761be8977f943bab1e6684e8e8bab7281cc409dc496da4522813d9cf83a321d2
-
SSDEEP
98304:w6+NbupGYWkWUKqb2mQEf1KRMJYjr3YWC6hMfGb3gpntSg:R+NqpqkWfc2mFNDYjrxhMfGQpntr
Static task
static1
Behavioral task
behavioral1
Sample
b5e973fc6207edbef535bca09380adf13a6611fa1b0473efa58696effa01d76f.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
b5e973fc6207edbef535bca09380adf13a6611fa1b0473efa58696effa01d76f
-
Size
4.1MB
-
MD5
7d46b67141d891c05dbefd9d1f656279
-
SHA1
06edbee65ce32087e5757ad71f904a6f6ca04673
-
SHA256
b5e973fc6207edbef535bca09380adf13a6611fa1b0473efa58696effa01d76f
-
SHA512
326d3eb59b7fd95400177e5463860b047f7b2a3ad7eaca5d37fec2ef2ee4c811761be8977f943bab1e6684e8e8bab7281cc409dc496da4522813d9cf83a321d2
-
SSDEEP
98304:w6+NbupGYWkWUKqb2mQEf1KRMJYjr3YWC6hMfGb3gpntSg:R+NqpqkWfc2mFNDYjrxhMfGQpntr
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1