General
-
Target
fbf99c761c666a198e2170c2c369051331448aa617ec9d99ea27e7873de6d83a
-
Size
4.1MB
-
Sample
240509-s2s6kscc65
-
MD5
c0769a2b7c2e1b2067c34570118f1ab9
-
SHA1
75e2c26589ce40a0b5c4f38829238e3b2966bbde
-
SHA256
fbf99c761c666a198e2170c2c369051331448aa617ec9d99ea27e7873de6d83a
-
SHA512
be5d96e311d2ea5226b0bb6d66f795e94e79e063e8a6fbae7d9c192274e5b41487a714cf22f7bd160cdaa67033207e3b80b4685f41e8e09211e185583584ff1d
-
SSDEEP
49152:aFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFU:aFDbcVB3TFxHH43Ma9n+52NVhL/oBqqj
Static task
static1
Behavioral task
behavioral1
Sample
fbf99c761c666a198e2170c2c369051331448aa617ec9d99ea27e7873de6d83a.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
fbf99c761c666a198e2170c2c369051331448aa617ec9d99ea27e7873de6d83a
-
Size
4.1MB
-
MD5
c0769a2b7c2e1b2067c34570118f1ab9
-
SHA1
75e2c26589ce40a0b5c4f38829238e3b2966bbde
-
SHA256
fbf99c761c666a198e2170c2c369051331448aa617ec9d99ea27e7873de6d83a
-
SHA512
be5d96e311d2ea5226b0bb6d66f795e94e79e063e8a6fbae7d9c192274e5b41487a714cf22f7bd160cdaa67033207e3b80b4685f41e8e09211e185583584ff1d
-
SSDEEP
49152:aFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFU:aFDbcVB3TFxHH43Ma9n+52NVhL/oBqqj
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1