General
-
Target
3fdefe5166c56785e272a4b27e1471aac33aa6b0cdbe4d466dde87016e941dc5
-
Size
4.1MB
-
Sample
240427-kf8p5seh68
-
MD5
6ce3ae9b79c9ddaee85a2e55d2fd89c2
-
SHA1
3816ab7b53e00efb2d7a5573e6a33882311e7674
-
SHA256
3fdefe5166c56785e272a4b27e1471aac33aa6b0cdbe4d466dde87016e941dc5
-
SHA512
e41135183066433b19afa9e29d38795cfe4eea0d9f30bdc9bb2505f6171853d14bfd0d567d7e2886aff67ae6880c8f53e7bbc28c9d65efea34e67eadfda048fb
-
SSDEEP
98304:hBrcvoQ3bpeAYFyI5s2iXAaDVcYvvxcUB482tlsgYA74q:hBQ8JjsJRJcupcUK8wlX7Z
Static task
static1
Behavioral task
behavioral1
Sample
3fdefe5166c56785e272a4b27e1471aac33aa6b0cdbe4d466dde87016e941dc5.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)