General
-
Target
9f80a29ccf52a1839103e13ecff1a9d1c3251deb454bfa1cd4f3a32345af8447
-
Size
4.2MB
-
Sample
240423-s2xtrshe79
-
MD5
d22727e3eea9befea0d7e9b31557e3f7
-
SHA1
84eb1f2361212e5416a96dc1b005f6fdbcea2c9a
-
SHA256
9f80a29ccf52a1839103e13ecff1a9d1c3251deb454bfa1cd4f3a32345af8447
-
SHA512
b1f85de434ae30d8d68439e3778ba0850a1bb89f2e47dc50db3077f1885f9963fb0a2a6089c3cd907213883591b605ccbaa939b75f1e8c96cc597a04ed08cba4
-
SSDEEP
98304:N+Gg6aXQ+/QyN9wV3/YhHbVpnwBVKjBiw+3St8Kp8:eXQwQ89A3/Y5DnwBWu3Q8Kq
Static task
static1
Behavioral task
behavioral1
Sample
9f80a29ccf52a1839103e13ecff1a9d1c3251deb454bfa1cd4f3a32345af8447.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
9f80a29ccf52a1839103e13ecff1a9d1c3251deb454bfa1cd4f3a32345af8447
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)