General
-
Target
1ba8b2e4a3bad76d25b1b3297419ef71682f4da1c3056926bb9ccc6ab4b30adb
-
Size
4.2MB
-
Sample
240509-2mmvpaag8z
-
MD5
92e04e56e92a198e6f9bf221940a9802
-
SHA1
6ddcad9d3370eadee23c508dbb64574b0e081a68
-
SHA256
1ba8b2e4a3bad76d25b1b3297419ef71682f4da1c3056926bb9ccc6ab4b30adb
-
SHA512
fb159130045b4dc661cf8706b098eca41512929345da16ed45df9a4e6ad4b4a70aaf760980a141ab10e9d5dd9c48edc4a5a6a4106287c73d6f3300bac8832b14
-
SSDEEP
98304:NQ9NLetdMUbMQcDuuZxpw6wZYxbShEgW29DIYI1VWjDTKhv/ZvBZz7:G9NSjM9QcjOisE18U78jDGd/ZvX7
Static task
static1
Behavioral task
behavioral1
Sample
1ba8b2e4a3bad76d25b1b3297419ef71682f4da1c3056926bb9ccc6ab4b30adb.exe
Resource
win7-20240220-en
Malware Config
Targets
-
-
Target
1ba8b2e4a3bad76d25b1b3297419ef71682f4da1c3056926bb9ccc6ab4b30adb
-
Size
4.2MB
-
MD5
92e04e56e92a198e6f9bf221940a9802
-
SHA1
6ddcad9d3370eadee23c508dbb64574b0e081a68
-
SHA256
1ba8b2e4a3bad76d25b1b3297419ef71682f4da1c3056926bb9ccc6ab4b30adb
-
SHA512
fb159130045b4dc661cf8706b098eca41512929345da16ed45df9a4e6ad4b4a70aaf760980a141ab10e9d5dd9c48edc4a5a6a4106287c73d6f3300bac8832b14
-
SSDEEP
98304:NQ9NLetdMUbMQcDuuZxpw6wZYxbShEgW29DIYI1VWjDTKhv/ZvBZz7:G9NSjM9QcjOisE18U78jDGd/ZvX7
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1