General
-
Target
bb892d6f18c0c50bd0c20cbe87bf0be73806c8b6d1611398abdcf96ad823a779
-
Size
4.2MB
-
Sample
240426-w3hysaad4t
-
MD5
4facb2900fc5eed9c7863c73372fcf3f
-
SHA1
7436569e5ba77b5103ede6089ec84fbe0f9bdc0d
-
SHA256
bb892d6f18c0c50bd0c20cbe87bf0be73806c8b6d1611398abdcf96ad823a779
-
SHA512
050849562a07a9a47aba723cb51e0e346fb7ac2f713dad2a3c7d3826ee93bc8536577691597b1195929a95a36ed87a7805b4522b2bc8882d51b3c11f6f010da1
-
SSDEEP
98304:l2LBAEOKvJ0/zY80N0vVppdLThkoJY3pu9gQ6ORc3/EM9CU8vMeH:MtADCJ0L4N0vbpdLThJY3KtRc6kK
Static task
static1
Behavioral task
behavioral1
Sample
bb892d6f18c0c50bd0c20cbe87bf0be73806c8b6d1611398abdcf96ad823a779.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
bb892d6f18c0c50bd0c20cbe87bf0be73806c8b6d1611398abdcf96ad823a779
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)