General
-
Target
68b63fcdf0ce9ef0b1eb5d41938bd611c3e88d08b822eb747d2ecb149080d0d2
-
Size
4.1MB
-
Sample
240421-y83w9abc9z
-
MD5
13d3f47d622c644801a99dd6341c29ea
-
SHA1
c760b08f72106efa731000b75020b70051dbc6f8
-
SHA256
68b63fcdf0ce9ef0b1eb5d41938bd611c3e88d08b822eb747d2ecb149080d0d2
-
SHA512
0e4b92eb0136855cb685c2b47a95759f844dfb2ce5669bb75523aa6827b47015390493bda3b7005dd187215944fd29afae8702554e22846fc36d514443688b37
-
SSDEEP
98304:Q6+NbupGYWkWUKqb2mQEf1KRMJYjr3YWC6hMfGb3gpntSm:x+NqpqkWfc2mFNDYjrxhMfGQpntp
Static task
static1
Behavioral task
behavioral1
Sample
68b63fcdf0ce9ef0b1eb5d41938bd611c3e88d08b822eb747d2ecb149080d0d2.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
68b63fcdf0ce9ef0b1eb5d41938bd611c3e88d08b822eb747d2ecb149080d0d2
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)