General
-
Target
fe0bf9db72ed034c074d4cc4a66248a144156f881cd819e755a6c4d996666089
-
Size
4.1MB
-
Sample
240509-txd2jaec87
-
MD5
7a4aa20ee431bf137cd6c71fd0abd99e
-
SHA1
0dd42f08817157d7c0a1fc481d87b3483443fb01
-
SHA256
fe0bf9db72ed034c074d4cc4a66248a144156f881cd819e755a6c4d996666089
-
SHA512
6d5a32b1337cabcfa52ceca68bff5027bd7b7a35178668abd0bebfffc62f6cc5f8417c15b519ae7a1feb9774dbb8905aa9fada838d052d5f1e70ebcdce9276e3
-
SSDEEP
98304:agQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9al:Vmkkc0oEfvGFgFjKYMWdY
Static task
static1
Behavioral task
behavioral1
Sample
fe0bf9db72ed034c074d4cc4a66248a144156f881cd819e755a6c4d996666089.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1