General
-
Target
be57c5a718ba37cbb0058a4ce3d4f8699d918070b7c73f86b6cc0466f480087c
-
Size
4.1MB
-
Sample
240509-p8kk8saf9z
-
MD5
0634b01d4ba2d05113821c83e1a25b1e
-
SHA1
291d926599fc9d6b92d4acb3aa41556d6c3c6be5
-
SHA256
be57c5a718ba37cbb0058a4ce3d4f8699d918070b7c73f86b6cc0466f480087c
-
SHA512
d2010b61ff7f7290eeea6875879753eb5d4c7f35d8949139457d52c4fed7247989f1ff3b5f5aa0675ae0b609162d951eea9e27d0b32e63e00e5ff890e4e6d0b8
-
SSDEEP
98304:UsY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahA6:3QZcza2WcnIxBnXOdJK+3UA6
Static task
static1
Behavioral task
behavioral1
Sample
be57c5a718ba37cbb0058a4ce3d4f8699d918070b7c73f86b6cc0466f480087c.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
be57c5a718ba37cbb0058a4ce3d4f8699d918070b7c73f86b6cc0466f480087c
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)