General
-
Target
bb6cc73436f6feb8e70afb9ab8e234a25266ae11e2ca695a6d7d82936b4b26c6
-
Size
4.1MB
-
Sample
240421-zkd4nabe5t
-
MD5
125bc0523cee1766241ca7eea9bf41a1
-
SHA1
4210561d80658b7b1faaa8900bb0f4a14da99e24
-
SHA256
bb6cc73436f6feb8e70afb9ab8e234a25266ae11e2ca695a6d7d82936b4b26c6
-
SHA512
1350d302591e03396aa7c72d23879b15102d0588757e6173f59aeb212a4af1be2ca0b163d7a224364973a367922461033d65f22ac43c3a3b7eabd8543ac48b5c
-
SSDEEP
98304:4wsyYpLI30hNm0X97sfQhuFOzbEeYixTYaktM3XAOoYGnm0lEw:+llzc0tsfv+41ixUfgAfRVP
Static task
static1
Behavioral task
behavioral1
Sample
bb6cc73436f6feb8e70afb9ab8e234a25266ae11e2ca695a6d7d82936b4b26c6.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
bb6cc73436f6feb8e70afb9ab8e234a25266ae11e2ca695a6d7d82936b4b26c6
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)