General
-
Target
b01f9aaf90ef31df41173f98f12f23dcda37f0f1f713169f18df01db428de8d7
-
Size
4.2MB
-
Sample
240425-h48zpsgg37
-
MD5
13f0c4cfd4865359bd3654ed36216acd
-
SHA1
8030770ed024d64039d1830ce2b07d0683cae717
-
SHA256
b01f9aaf90ef31df41173f98f12f23dcda37f0f1f713169f18df01db428de8d7
-
SHA512
37c568429e89e5829f62f665b91d33b61c09b1bc1fbefe62437b29cbc38713d7d722fcd3d13bd7380baba84a40d11be3f906dfda0b57c0384395917250f53cf5
-
SSDEEP
98304:tPsj8nM8f9N7dpNQ5A13kFnblxOFQG3eoyMtxZT:BKe9pO6ublAFHdDtxR
Static task
static1
Behavioral task
behavioral1
Sample
b01f9aaf90ef31df41173f98f12f23dcda37f0f1f713169f18df01db428de8d7.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
b01f9aaf90ef31df41173f98f12f23dcda37f0f1f713169f18df01db428de8d7
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)