General
Target: f00467670caa3e6b726d0c4c807f2fa4768ad4ce2327e4e78489784367b59482
Size: 4.2MB
Sample: 240425-h8p3dsgg76
MD5: c4c1a4cbf0eb0063edb794c7fae315ad
SHA1: 14d528c116fab5dd0cb2aa4897e06a32fb1ab7ee
SHA256: f00467670caa3e6b726d0c4c807f2fa4768ad4ce2327e4e78489784367b59482
SHA512: 92e6022108a3d6a3b96c142336f20e09e5b19bf04a5d195ce72a610d1e76186ed62774df958a119ee5b2e64c1a05e3099f138017859e8aa489be3fbe87283031
SSDEEP: 98304:9Psj8nM8f9N7dpNQ5A13kFnblxOFQG3eoyMtxZI:xKe9pO6ublAFHdDtxG
Static task: static1
Behavioral task: behavioral1
Sample: f00467670caa3e6b726d0c4c807f2fa4768ad4ce2327e4e78489784367b59482.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1