General
-
Target
653995818ddc341840c902fee76c18e47bb2cbd4f4e0709cab22a4d4a056e2d7
-
Size
4.1MB
-
Sample
240511-nk8sgseb2s
-
MD5
b800a70af3b8faebece3c756b4449b23
-
SHA1
d890cb2fc6a5c9b1a14b2db987e9c01106547490
-
SHA256
653995818ddc341840c902fee76c18e47bb2cbd4f4e0709cab22a4d4a056e2d7
-
SHA512
bf255fd026f29bd1344dc04948fa87d8f36b0326cb53ad14ca9ca554a463b65d455f1e173ceb3eb4e5682e90983aafe6c440bd8a9046257c9d50d9ad8e00b8a9
-
SSDEEP
98304:ValdxVYbeltggr6p7qKtgoJu9O6Qxc6qPeInuZKahKn+3QK:6xq6ggrt/os9O/WxuFhK+AK
Static task
static1
Behavioral task
behavioral1
Sample
653995818ddc341840c902fee76c18e47bb2cbd4f4e0709cab22a4d4a056e2d7.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
653995818ddc341840c902fee76c18e47bb2cbd4f4e0709cab22a4d4a056e2d7
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
-
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
-
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)