General
-
Target
cb2c965d6c8952a7f14778c325b613e14591106add4e21edea5f9cd5be46c491
-
Size
4.2MB
-
Sample
240423-xe1pcsag8y
-
MD5
a313c167f617ca086d31778e64a687fc
-
SHA1
8b5c7bf18357f12e857e3c2bc53dde41dde770d5
-
SHA256
cb2c965d6c8952a7f14778c325b613e14591106add4e21edea5f9cd5be46c491
-
SHA512
7e1cd1e8ab6c8263eb82a5f059045c64178d8c7065077d6bf33574d09d4d0aed32bb983a0501aa819216bf9c6f8098648adeba633704a24a13714fb05ac72de0
-
SSDEEP
98304:yoLXUDNHz93Dv2SDo10StEtQ0zNL2UR2k1/HX:RUDNB72YVuEe0xC5uHX
Static task
static1
Behavioral task
behavioral1
Sample
cb2c965d6c8952a7f14778c325b613e14591106add4e21edea5f9cd5be46c491.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1