General
-
Target
11f83d801a6cd3541b4f171826166a2054a0072df76dcdf2ff7a6c9ceaf75ba9
-
Size
4.1MB
-
Sample
240421-zhtrbsbc33
-
MD5
914c11a7b8e9f973275e932fd54b2539
-
SHA1
eece0116d6afca41a536815894f265b8a57de70d
-
SHA256
11f83d801a6cd3541b4f171826166a2054a0072df76dcdf2ff7a6c9ceaf75ba9
-
SHA512
336ee86b9a1d239e186adcb83ddb42588477838b1b18a2089118768f1ff136c188beab94324e4f04786c9340d9949a8c55901d4d96cb96f4ad1b04e024970315
-
SSDEEP
98304:gwsyYpLI30hNm0X97sfQhuFOzbEeYixTYaktM3XAOoYGnm0lEP:mllzc0tsfv+41ixUfgAfRVk
Static task
static1
Behavioral task
behavioral1
Sample
11f83d801a6cd3541b4f171826166a2054a0072df76dcdf2ff7a6c9ceaf75ba9.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
  Windows Service: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
  Windows Service: 1
  Scheduled Task/Job: 1