General
-
Target
89caa1ccff59ac365922bf9c5e204e8305c32af71d9aaf235ea245f11f0fc3ca
-
Size
4.1MB
-
Sample
240511-njat3agh92
-
MD5
bb9c2da9b21a68cea93f90e0d981f1dd
-
SHA1
77a6f7e50a734744220b170fcc9ffa26d90d3691
-
SHA256
89caa1ccff59ac365922bf9c5e204e8305c32af71d9aaf235ea245f11f0fc3ca
-
SHA512
b8d5c697da4741ac52df526ce7e5f44cb0057ae7655991a6aef5f6117b20fa2b5124518e525c9816f47512001304c49dac25cfab584eb4ab3521cd3db1854925
-
SSDEEP
98304:ValdxVYbeltggr6p7qKtgoJu9O6Qxc6qPeInuZKahKn+3QT:6xq6ggrt/os9O/WxuFhK+AT
Static task
static1
Behavioral task
behavioral1
Sample
89caa1ccff59ac365922bf9c5e204e8305c32af71d9aaf235ea245f11f0fc3ca.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)