General
-
Target
c3bf0df2993a2c1a106f377afbd06a2e00615dac28bc633c65a2eb3083a0cbf9
-
Size
4.2MB
-
Sample
240426-y8ngkabe68
-
MD5
84e716253c021910ac7fb59efc3de840
-
SHA1
a7304ebf3fd4adc9d0dd7369c6d0e4fac6a2ffb3
-
SHA256
c3bf0df2993a2c1a106f377afbd06a2e00615dac28bc633c65a2eb3083a0cbf9
-
SHA512
fc626b32e2b0ea352b15ec5cf5637012e685a7456cbd454e71116bd0eda1b49072a1586bb59865bb7aeb35530dc28d11b1a3156869b95cc45bdc525a4f6a03b9
-
SSDEEP
98304:q2m5eOYCD1ID98VF2Kih+6YxfniOeVNR3JpIP6GA7sf3HgV11Gx:q2m5BYCDY8uVjYxfniXVNFJ2yR7sfQVw
Static task
static1
Behavioral task
behavioral1
Sample
c3bf0df2993a2c1a106f377afbd06a2e00615dac28bc633c65a2eb3083a0cbf9.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
-
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)