General
-
Target
79bac702707b57c3c9a9221fca0f1f9ac1877f739a06c92916695af8d86a90ba
-
Size
4.2MB
-
Sample
240426-zpm75aca56
-
MD5
14524d69b0d1bbfc61a3c71ad1ca6a20
-
SHA1
cd31a446d6439a808b7a709d45eefb1a66b36ce0
-
SHA256
79bac702707b57c3c9a9221fca0f1f9ac1877f739a06c92916695af8d86a90ba
-
SHA512
dcdb907f376211f55b74115013db617fae0f2f089890eedeac6360994a3bb449a4988055f861e84aced13c20e0ac0de33759d089e65580ea10b69a63b5b2c169
-
SSDEEP
98304:Fx1RyBW5eh1jvdHfL95CEfIBLRbKwJWZNSsbjNHI+:HfIvBT9wRBLRbbJ6NSsbZHN
Static task
static1
Behavioral task
behavioral1
Sample
79bac702707b57c3c9a9221fca0f1f9ac1877f739a06c92916695af8d86a90ba.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
Target
79bac702707b57c3c9a9221fca0f1f9ac1877f739a06c92916695af8d86a90ba
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)