General
Target: b36ba7bf3d9bd14f518c4c5a4a68b28860e0f778fa89a7a8aa225fb7f97f355d
Size: 4.2MB
Sample: 240426-3lmc7sfc71
MD5: 5377602cc16b14914978a4db2d3e8cac
SHA1: a4c679fe48ed474a3a1bfa1ae558983d5d8600bc
SHA256: b36ba7bf3d9bd14f518c4c5a4a68b28860e0f778fa89a7a8aa225fb7f97f355d
SHA512: 975313c7a9b48a77b034efc7c3480d26f0872b8ba0638a828d2bf470882d27f8ea2950bf796a948e751916372e0f7a436c6ce1bffe4b6e530c04bd38947e2cd5
SSDEEP: 98304:gkAjdDPAeC2B02wyEqB4QU18FBwX92iJvUa6o386BoSeiwZU4mjQxQm:LuPAV2B0NRqB88FqJvA6j4GQD
Static task: static1
Behavioral task: behavioral1
Sample: b36ba7bf3d9bd14f518c4c5a4a68b28860e0f778fa89a7a8aa225fb7f97f355d.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)