General
-
Target
2bd34a6362a07443a48cc9fc6b2cab0959e13abf2ae7dfd70b926dc0c6818fcb
-
Size
4.2MB
-
Sample
240425-qejmhsbb25
-
MD5
8fb180d9be8c59e56ff5e267446a688a
-
SHA1
fa159f11a932d539760c5fdbf42a89872a911475
-
SHA256
2bd34a6362a07443a48cc9fc6b2cab0959e13abf2ae7dfd70b926dc0c6818fcb
-
SHA512
adfeef5ddff34e17a138c0fa9ce08b8a43e3e4b61d90a6e2f71c85dc6e97cdee3ee41545a9b30f0afcd36114af77766eba060f654cb7c1323f95cb913ff4a562
-
SSDEEP
98304:JlPNnLMcliXgk6mZUGEiVLqbbhuqLV4AlEjP7e:JlP9LMc0wkDbEiV0LVIC
Static task
static1
Behavioral task
behavioral1
Sample
2bd34a6362a07443a48cc9fc6b2cab0959e13abf2ae7dfd70b926dc0c6818fcb.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
2bd34a6362a07443a48cc9fc6b2cab0959e13abf2ae7dfd70b926dc0c6818fcb
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)