General
-
Target
bb47d9cc0d80f8c56030262bf813a704c6d18793171018ea1747be733e7bef11
-
Size
4.2MB
-
Sample
240426-whv3lsha54
-
MD5
42fdcd52e07ef84b87b95ce44263b604
-
SHA1
7d121559c9f918b35e4ab85b837050f902700c19
-
SHA256
bb47d9cc0d80f8c56030262bf813a704c6d18793171018ea1747be733e7bef11
-
SHA512
2fc0e6516ce8673a24e6176977a6d05ea3f2daf248050ebd9c81d04d700c7a9ba036d8b5913638f4eaa3013bd456db1840ed1ae6e3c6d8c572ae90f5c5e96266
-
SSDEEP
49152:cCifvx7B+7FOLxQ63IeExjZRrV5rQg00XFP5L9XkQs+hWJEWJawvScCFBuiQf8Kq:cCk8+Qet2rTQI1P5Je65g2FBuWsCvPbf
Static task
static1
Behavioral task
behavioral1
Sample
bb47d9cc0d80f8c56030262bf813a704c6d18793171018ea1747be733e7bef11.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
bb47d9cc0d80f8c56030262bf813a704c6d18793171018ea1747be733e7bef11
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)