General
-
Target
f908db6a1c824fd668ed4c1ee50b5e8cfcba8161b71e75b5a93bbc5f2a1f73ef
-
Size
4.1MB
-
Sample
240515-lrnd1sbg2x
-
MD5
78041c459e2ca7c397bb35e3ae87dd87
-
SHA1
95d292cce7bef91c128e3fa594bc3ee14816d24e
-
SHA256
f908db6a1c824fd668ed4c1ee50b5e8cfcba8161b71e75b5a93bbc5f2a1f73ef
-
SHA512
e0b1b8c9ca40d2d86e4ff9fdaf1d3851f02c0885412b444b1098c84971e453929df3cf9c3f26aa7b536bf37be08402c66167df1aa3686e0a27e27cecae560956
-
SSDEEP
98304:TrCNiB8ow0tjGRwMUUAJnC6DPNgwm1X3ykRpk8yR82N6s:TrCy8l0I4UGC6Dg3yk88nps
Static task
static1
Behavioral task
behavioral1
Sample
f908db6a1c824fd668ed4c1ee50b5e8cfcba8161b71e75b5a93bbc5f2a1f73ef.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)