General
-
Target
87896780b314d4f09c05ff56975b0124b09790bf9c2f163edc9f678065af9476
-
Size
4.2MB
-
Sample
240423-ss613shd2s
-
MD5
34b6207677d2fffb55b3b96e3b4dcb8f
-
SHA1
450ab9244867d3b8e782abc737b8f5518c164363
-
SHA256
87896780b314d4f09c05ff56975b0124b09790bf9c2f163edc9f678065af9476
-
SHA512
2ac39dfa81bf5c1be649b280db054fcebcc981ff0ed43748ea157a29d6beac2d1b3d6bb10512412316099a11c1be2408e4e84072b75a9d0d19676ff6521134ca
-
SSDEEP
98304:ZYLCMptDmsu+9iprwjFTOTj/zIJhxobwLXF8FmbNEpdL19bKo:NkDFH9njBOTWhxocJmmbsdxhp
Static task
static1
Behavioral task
behavioral1
Sample
87896780b314d4f09c05ff56975b0124b09790bf9c2f163edc9f678065af9476.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Target
87896780b314d4f09c05ff56975b0124b09790bf9c2f163edc9f678065af9476
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)