General
-
Target
fbd77d36c7d320b073f57d0d68ebcb0b8b364d16c15e6d000ad2af6a93d0e235
-
Size
4.1MB
-
Sample
240511-kwgllaac2t
-
MD5
a26e41302d8ead6781666b8f579b8877
-
SHA1
4b8fe1eb5bdc0b5fa79ddde8883aff2047d24788
-
SHA256
fbd77d36c7d320b073f57d0d68ebcb0b8b364d16c15e6d000ad2af6a93d0e235
-
SHA512
303d504e7297e15dc71814bf95e1b20dbde9b985d6f4c93a9b444030db6a054d437b9c53c7718fdac4ab22c0c719d8acbf93a56fdcd5637fa7b8158508d50cc6
-
SSDEEP
98304:4ErTbmYqgZ1XudKeC70JrifsEkbyxLCxltfr4Ppsv6xaCIZ:bD1Z1UwAUfrk2xOxPr4PpsvyaCIZ
Static task
static1
Behavioral task
behavioral1
Sample
fbd77d36c7d320b073f57d0d68ebcb0b8b364d16c15e6d000ad2af6a93d0e235.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)