General
Target: e1c246833f93f8afa700267b380192b0d9abe77611c5821dfa9f46493c4b56bc
Size: 4.2MB
Sample: 240427-2bslsshh48
MD5: 747022037ac7257b9962af4ac7cf9efe
SHA1: c273e25600ea9a334652ef2c7d4d5b8c41de94ea
SHA256: e1c246833f93f8afa700267b380192b0d9abe77611c5821dfa9f46493c4b56bc
SHA512: 1765a538143993f7fabf965c4cd632b3af137985819a42566877cc829d5ec36b0bd9d174f146d85d173cc3a09d56f55acd1cd435689249379bb8a48ed2f362c3
SSDEEP: 98304:XamOmyh13YwSD+iffg9rOMOczucEEdNxQlfwo87Elwi0PG1d:XTy8Jy4o9ecZxQhwo8IinPG1d
Static task
static1
Behavioral task
behavioral1
Sample
e1c246833f93f8afa700267b380192b0d9abe77611c5821dfa9f46493c4b56bc.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
e1c246833f93f8afa700267b380192b0d9abe77611c5821dfa9f46493c4b56bc
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)